cbcvebase.

Cybozu Garoon vulnerabilities

198 known vulnerabilities affecting cybozu/garoon.

Total CVEs
198
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH24MEDIUM158LOW12

Vulnerabilities

Page 8 of 10
CVE-2023-27304P4MEDIUMCVSS 4.3≥ 4.6.0, ≤ 5.9.22023-05-23
CVE-2023-27304 [MEDIUM] CWE-862 CVE-2023-27304: Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 a Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
nvd
CVE-2019-5946P4MEDIUMCVSS 6.1≥ 4.2.4, ≤ 4.10.12019-05-17
CVE-2019-5946 [MEDIUM] CWE-601 CVE-2019-5946: Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect use Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
nvd
CVE-2019-5978P4MEDIUMCVSS 6.1≥ 4.0.0, ≤ 4.10.22019-09-12
CVE-2019-5978 [MEDIUM] CWE-601 CVE-2019-5978: Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect use Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
nvd
CVE-2013-6002P4MEDIUMCVSS 5.0≤ 3.7v2.0+5 more2013-12-05
CVE-2013-6002 [MEDIUM] CWE-399 CVE-2013-6002: The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
nvd
CVE-2019-5976P4MEDIUMCVSS 4.9≥ 4.0.0, ≤ 4.10.22019-09-12
CVE-2019-5976 [MEDIUM] CWE-20 CVE-2019-5976: Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of ser Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
nvd
CVE-2024-31397P4MEDIUMCVSS 4.9≥ 5.0.0, < 5.15.22024-06-11
CVE-2024-31397 [MEDIUM] CWE-231 CVE-2024-31397: Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerabili Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
nvd
CVE-2016-1192P4MEDIUMCVSS 4.3v3.7.0v3.7.1+9 more2016-06-19
CVE-2016-1192 [MEDIUM] CWE-22 CVE-2016-1192: Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 all Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
nvd
CVE-2020-5566P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.32020-04-28
CVE-2020-5566 [MEDIUM] CVE-2020-5566: Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated at Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
nvd
CVE-2016-1220P4MEDIUMCVSS 4.3≤ 4.2.12017-04-20
CVE-2016-1220 [MEDIUM] CWE-284 CVE-2016-1220: Cybozu Garoon before 4.2.2 does not properly restrict access. Cybozu Garoon before 4.2.2 does not properly restrict access.
nvd
CVE-2021-20772P4MEDIUMCVSS 4.3≥ 4.10.0, ≤ 5.5.02021-08-18
CVE-2021-20772 [MEDIUM] CVE-2021-20772: Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote au Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
nvd
CVE-2021-20775P4MEDIUMCVSS 4.3≥ 4.10.0, ≤ 5.5.02021-08-18
CVE-2021-20775 [MEDIUM] CWE-20 CVE-2021-20775: Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
nvd
CVE-2021-20762P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20762 [MEDIUM] CWE-20 CVE-2021-20762: Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote au Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
nvd
CVE-2021-20760P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.0.22021-08-18
CVE-2021-20760 [MEDIUM] CWE-20 CVE-2021-20760: Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
nvd
CVE-2021-20773P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 5.5.02021-08-18
CVE-2021-20773 [MEDIUM] CVE-2021-20773: There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authe There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
nvd
CVE-2022-29467P4MEDIUMCVSS 4.3≥ 4.2.0, ≤ 5.5.12022-07-04
CVE-2022-29467 [MEDIUM] CWE-200 CVE-2022-29467: Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authent Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
nvd
CVE-2019-5977P4MEDIUMCVSS 4.3≥ 4.0.0, ≤ 4.10.22019-09-12
CVE-2019-5977 [MEDIUM] CWE-74 CVE-2019-5977: Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticate Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
nvd
CVE-2024-31404P4MEDIUMCVSS 4.3≥ 5.5.0, < 6.0.12024-06-11
CVE-2024-31404 [MEDIUM] CWE-922 CVE-2024-31404: Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, whic Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
nvd
CVE-2013-6916P4MEDIUMCVSS 4.3≤ 3.7v2.0+6 more2013-12-05
CVE-2013-6916 [MEDIUM] CWE-79 CVE-2013-6916: Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon befor Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2020-5586P4MEDIUMCVSS 4.8≥ 4.10.3, ≤ 5.0.12020-06-30
CVE-2020-5586 [MEDIUM] CWE-79 CVE-2020-5586: Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrat Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
nvd
CVE-2022-29513P4MEDIUMCVSS 4.8≥ 4.10.0, ≤ 5.5.12022-07-04
CVE-2022-29513 [MEDIUM] CWE-79 CVE-2022-29513: Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote aut Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
nvd
Cybozu Garoon vulnerabilities | cvebase