Cybozu Inc Cybozu Garoon vulnerabilities
127 known vulnerabilities affecting cybozu_inc/cybozu_garoon.
Total CVEs
127
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM108LOW2
Vulnerabilities
Page 1 of 7
CVE-2019-5945P3CRITICALCVSS 9.8v4.2.4 to 4.10.12019-05-17
CVE-2019-5945 [CRITICAL] CVE-2019-5945: Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
nvd
CVE-2016-7803P3HIGHCVSS 8.8v3.0.0 to 4.2.22017-06-09
CVE-2016-7803 [HIGH] CWE-89 CVE-2016-7803: SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attacker
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
nvd
CVE-2018-0530P3HIGHCVSS 8.8v3.5.0 to 4.2.62018-04-16
CVE-2018-0530 [HIGH] CWE-89 CVE-2018-0530: SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attacker
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2018-0607P3HIGHCVSS 8.8v3.5.0 to 4.6.22018-07-26
CVE-2018-0607 [HIGH] CWE-89 CVE-2018-0607: SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 all
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2020-5580P3HIGHCVSS 8.1v4.0.0 to 5.0.12020-06-30
CVE-2020-5580 [HIGH] CVE-2020-5580: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
nvd
CVE-2022-29484P3HIGHCVSS 8.1v4.0.0 to 5.9.02022-07-04
CVE-2022-29484 [HIGH] CVE-2022-29484: Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
nvd
CVE-2018-16178P3HIGHCVSS 7.5v3.0.0 to 4.10.02019-01-09
CVE-2018-16178 [HIGH] CVE-2018-16178: Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view informati
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
nvd
CVE-2022-30602P3HIGHCVSS 8.1v4.0.0 to 5.9.12022-07-11
CVE-2022-30602 [HIGH] CVE-2022-30602: Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remot
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
nvd
CVE-2020-5567P3HIGHCVSS 7.5v4.0.0 to 4.10.32020-04-28
CVE-2020-5567 [HIGH] CWE-287 CVE-2020-5567: Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to ob
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
nvd
CVE-2018-0673P3HIGHCVSS 8.1v3.5.0 to 4.6.32018-11-15
CVE-2018-0673 [HIGH] CWE-22 CVE-2018-0673: Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2019-5934P3HIGHCVSS 7.2v4.0.0 to 4.10.02019-05-17
CVE-2019-5934 [HIGH] CWE-89 CVE-2019-5934: SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
nvd
CVE-2026-22888P3HIGHCVSS 7.5v5.0.0 to 6.0.32026-02-02
CVE-2026-22888 [HIGH] CWE-231 CVE-2026-22888: Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthor
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
nvd
CVE-2024-31401P3CRITICALCVSS 9.0v5.0.0 to 5.15.22024-06-11
CVE-2024-31401 [CRITICAL] CWE-79 CVE-2024-31401: Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated at
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
nvd
CVE-2019-5931P3HIGHCVSS 8.7v4.0.0 to 4.6.32019-05-17
CVE-2019-5931 [HIGH] CWE-20 CVE-2019-5931: Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
nvd
CVE-2020-5584P3HIGHCVSS 7.5v4.0.0 to 5.0.12020-06-30
CVE-2020-5584 [HIGH] CVE-2020-5584: Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2017-2090P3MEDIUMCVSS 6.5v3.0.0 to 4.2.32017-04-28
CVE-2017-2090 [MEDIUM] CWE-22 CVE-2017-2090: Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated at
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2020-5643P3MEDIUMCVSS 6.5v5.0.0 to 5.0.22020-11-06
CVE-2020-5643 [MEDIUM] CWE-20 CVE-2020-5643: Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticate
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
nvd
CVE-2016-4907P3HIGHCVSS 8.8v3.0.0 to 4.2.22017-06-09
CVE-2016-4907 [HIGH] CWE-352 CVE-2016-4907: Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
nvd
CVE-2020-5581P3MEDIUMCVSS 6.5v4.0.0 to 5.0.12020-06-30
CVE-2020-5581 [MEDIUM] CWE-22 CVE-2020-5581: Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers t
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2021-20758P4HIGHCVSS 8.0v4.0.0 to 5.0.22021-08-18
CVE-2021-20758 [HIGH] CWE-352 CVE-2021-20758: Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
nvd
1 / 7Next →