Cybozu Inc Cybozu Garoon vulnerabilities
127 known vulnerabilities affecting cybozu_inc/cybozu_garoon.
Total CVEs
127
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM108LOW2
Vulnerabilities
Page 4 of 7
CVE-2019-5944P4MEDIUMCVSS 4.3v4.0.0 to 4.10.12019-05-17
CVE-2019-5944 [MEDIUM] CVE-2019-5944: Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alt
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
nvd
CVE-2016-4910P4MEDIUMCVSS 4.3v3.0.0 to 4.2.22017-06-09
CVE-2016-4910 [MEDIUM] CWE-284 CVE-2016-4910: Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to d
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
nvd
CVE-2017-2094P4MEDIUMCVSS 4.3v3.0.0 to 4.2.32017-04-28
CVE-2017-2094 [MEDIUM] CWE-269 CVE-2017-2094: Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in W
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
nvd
CVE-2018-0550P4MEDIUMCVSS 4.3v3.5.0 to 4.6.12018-04-16
CVE-2018-0550 [MEDIUM] CVE-2018-0550: Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
nvd
CVE-2018-0531P4MEDIUMCVSS 4.3v3.0.0 to 4.2.62018-04-16
CVE-2018-0531 [MEDIUM] CVE-2018-0531: Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to v
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
nvd
CVE-2021-20768P4MEDIUMCVSS 4.3v4.0.0 to 5.0.22021-08-18
CVE-2021-20768 [MEDIUM] CVE-2021-20768: Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
nvd
CVE-2021-20757P4MEDIUMCVSS 4.3v4.0.0 to 5.0.22021-08-18
CVE-2021-20757 [MEDIUM] CVE-2021-20757: Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
nvd
CVE-2021-20759P4MEDIUMCVSS 4.3v4.6.0 to 5.0.22021-08-18
CVE-2021-20759 [MEDIUM] CVE-2021-20759: Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a r
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
nvd
CVE-2022-27661P4MEDIUMCVSS 4.3v4.0.0 to 5.5.12022-07-04
CVE-2022-27661 [MEDIUM] CVE-2022-27661: Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remo
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
nvd
CVE-2023-27384P4MEDIUMCVSS 4.3v5.15.02023-05-23
CVE-2023-27384 [MEDIUM] CWE-863 CVE-2023-27384: Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote au
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
nvd
CVE-2016-4906P4MEDIUMCVSS 6.1v3.0.0 to 4.2.22017-06-09
CVE-2016-4906 [MEDIUM] CWE-79 CVE-2016-4906: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
nvd
CVE-2019-5928P4MEDIUMCVSS 6.1v4.0.0 to 4.6.32019-05-17
CVE-2019-5928 [MEDIUM] CWE-79 CVE-2019-5928: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
nvd
CVE-2019-5929P4MEDIUMCVSS 6.1v4.0.0 to 4.6.32019-05-17
CVE-2019-5929 [MEDIUM] CWE-79 CVE-2019-5929: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
nvd
CVE-2019-5938P4MEDIUMCVSS 6.1v4.0.0 to 4.10.12019-05-17
CVE-2019-5938 [MEDIUM] CWE-79 CVE-2019-5938: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to injec
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
nvd
CVE-2020-5564P4MEDIUMCVSS 6.1v4.0.0 to 4.10.32020-04-28
CVE-2020-5564 [MEDIUM] CWE-79 CVE-2020-5564: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to injec
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
nvd
CVE-2017-2257P4MEDIUMCVSS 6.1v3.0.0 to 4.2.52017-08-29
CVE-2017-2257 [MEDIUM] CWE-79 CVE-2017-2257: Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbi
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
nvd
CVE-2019-5937P4MEDIUMCVSS 5.4v4.0.0 to 4.10.12019-05-17
CVE-2019-5937 [MEDIUM] CWE-79 CVE-2019-5937: Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated atta
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
nvd
CVE-2021-20753P4MEDIUMCVSS 5.4v4.0.0 to 5.0.22021-08-18
CVE-2021-20753 [MEDIUM] CWE-79 CVE-2021-20753: Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote auth
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20770P4MEDIUMCVSS 5.4v4.6.0 to 5.0.22021-08-18
CVE-2021-20770 [MEDIUM] CWE-79 CVE-2021-20770: Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authen
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd
CVE-2021-20769P4MEDIUMCVSS 5.4v4.6.0 to 5.0.22021-08-18
CVE-2021-20769 [MEDIUM] CWE-79 CVE-2021-20769: Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authe
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
nvd