Version | Vector | Metrics |
---|---|---|
CVSS2 | AV:N/AC:M/Au:S/C:P/I:P/A:P | Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: SINGLE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL |
CVSS3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: REQUIRED; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH |

EPSS Percentile: 53.9%

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
[CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
[CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
[CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
[CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N | Base Score: 4.1 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N | Base Score: 5.0 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:N/A:N | Base Score: 2.6 |
[CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
[CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
[CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
[CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
[CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
[CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | Base Score: 5.4 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:P | Base Score: 5.5 |
[CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
[CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:N/A:N | Base Score: 4.0 |
Update the Software
Update to the latest version according to the information provided by the developer.
[CyVDB-1782], [CyVDB-2029], [CyVDB-2071], [CyVDB-2085], [CyVDB-2092], [CyVDB-2099], [CyVDB-2234], [CyVDB-2245], [CyVDB-2283], [CyVDB-2368], [CyVDB-2374], [CyVDB-2388], [CyVDB-2406], [CyVDB-2407], [CyVDB-2446], [CyVDB-2448]: Cybozu Garoon 4.0.0 to 5.0.2
[CyVDB-2103], [CyVDB-2568], [CyVDB-2659]: Cybozu Garoon 4.6.0 to 5.0.2
[CyVDB-2193], [CyVDB-2755], [CyVDB-2766]: Cybozu Garoon 4.0.0 to 5.5.0
[CyVDB-2479], [CyVDB-2903]: Cybozu Garoon 4.10.0 to 5.5.0