Cybozu Inc Cybozu Garoon vulnerabilities
127 known vulnerabilities affecting cybozu_inc/cybozu_garoon.
Total CVEs
127
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM108LOW2
Vulnerabilities
Page 2 of 7
CVE-2022-29512P4MEDIUMCVSS 6.5v4.0.0 to 5.9.12022-07-11
CVE-2022-29512 [MEDIUM] CWE-200 CVE-2022-29512: Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
nvd
CVE-2020-5563P4MEDIUMCVSS 5.3v4.0.0 to 4.10.32020-04-28
CVE-2020-5563 [MEDIUM] CWE-287 CVE-2020-5563: Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to ob
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
nvd
CVE-2020-5583P4MEDIUMCVSS 6.5v4.0.0 to 5.0.12020-06-30
CVE-2020-5583 [MEDIUM] CVE-2020-5583: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to o
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
nvd
CVE-2024-31400P4MEDIUMCVSS 6.5v5.0.0 to 5.15.02024-06-11
CVE-2024-31400 [MEDIUM] CWE-922 CVE-2024-31400: Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
nvd
CVE-2019-5936P4MEDIUMCVSS 5.4v4.0.0 to 4.10.12019-05-17
CVE-2019-5936 [MEDIUM] CWE-22 CVE-2019-5936: Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attac
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
nvd
CVE-2022-26368P4MEDIUMCVSS 5.4v4.0.0 to 5.5.12022-07-04
CVE-2022-26368 [MEDIUM] CVE-2022-26368: Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
nvd
CVE-2020-5587P4MEDIUMCVSS 6.5v4.0.0 to 5.0.12020-06-30
CVE-2020-5587 [MEDIUM] CVE-2020-5587: Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information v
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
nvd
CVE-2022-29892P4MEDIUMCVSS 6.5v4.0.0 to 5.5.12022-07-04
CVE-2022-29892 [MEDIUM] CWE-20 CVE-2022-29892: Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote aut
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
nvd
CVE-2017-2145P4MEDIUMCVSS 5.4v4.0.0 to 4.2.42017-07-07
CVE-2017-2145 [MEDIUM] CWE-384 CVE-2017-2145: Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform ar
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
nvd
CVE-2024-31403P4MEDIUMCVSS 5.4v5.0.0 to 6.0.02024-06-11
CVE-2024-31403 [MEDIUM] CWE-863 CVE-2024-31403: Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
nvd
CVE-2020-5562P4MEDIUMCVSS 4.9v4.6.0 to 4.6.32020-04-28
CVE-2020-5562 [MEDIUM] CWE-918 CVE-2020-5562: Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote att
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
nvd
CVE-2021-20764P4MEDIUMCVSS 5.3v4.0.0 to 5.0.22021-08-18
CVE-2021-20764 [MEDIUM] CWE-20 CVE-2021-20764: Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
nvd
CVE-2022-28713P4MEDIUMCVSS 5.3v4.10.0 to 5.5.12022-07-04
CVE-2022-28713 [MEDIUM] CWE-287 CVE-2022-28713: Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
nvd
CVE-2018-0533P4MEDIUMCVSS 4.9v3.0.0 to 4.2.62018-04-16
CVE-2018-0533 [MEDIUM] CVE-2018-0533: Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to a
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
nvd
CVE-2017-2258P4MEDIUMCVSS 4.3v4.2.4 to 4.2.52017-08-29
CVE-2017-2258 [MEDIUM] CWE-22 CVE-2017-2258: Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitra
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
nvd
CVE-2023-26595P4MEDIUMCVSS 6.5v4.10.0 to 5.9.22023-05-23
CVE-2023-26595 [MEDIUM] CWE-400 CVE-2023-26595: Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote au
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
nvd
CVE-2024-31399P4MEDIUMCVSS 6.5v5.0.0 to 5.15.22024-06-11
CVE-2024-31399 [MEDIUM] CWE-400 CVE-2024-31399: Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2.
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
nvd
CVE-2026-20711P4MEDIUMCVSS 6.1v5.0.0 to 6.0.32026-02-02
CVE-2026-20711 [MEDIUM] CWE-79 CVE-2026-20711: Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
nvd
CVE-2026-22881P4MEDIUMCVSS 5.4v5.15.0 to 6.0.32026-02-02
CVE-2026-22881 [MEDIUM] CWE-79 CVE-2026-22881: Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, whic
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
nvd
CVE-2019-5930P4MEDIUMCVSS 4.3v4.0.0 to 4.6.32019-05-17
CVE-2019-5930 [MEDIUM] CVE-2019-5930: Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthor
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
nvd