Cybozu Garoon@* Security Vulnerabilities and Issues — Page 3 of Cybozu Garoon@* CVE List

Lucene search

CybozuCybozu Garoon*

123 matches found

CVE•added 2018/04/16 2:29 p.m.•36 views

CVE-2018-0551

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.5AI score0.00171EPSS

CVE•added 2019/05/17 4:29 p.m.•36 views

CVE-2019-5938

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.

6.1CVSS5.5AI score0.0026EPSS

CVE•added 2019/05/17 4:29 p.m.•36 views

CVE-2019-5941

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.

4.3CVSS4.6AI score0.00188EPSS

CVE•added 2021/08/18 6:15 a.m.•36 views

CVE-2021-20769

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

5.4CVSS5.3AI score0.00209EPSS

CVE•added 2018/04/16 2:29 p.m.•35 views

CVE-2018-0548

Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.

5CVSS5AI score0.00141EPSS

CVE•added 2018/04/16 2:29 p.m.•35 views

CVE-2018-0550

Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.

4.3CVSS5AI score0.00135EPSS

CVE•added 2018/07/26 5:29 p.m.•35 views

CVE-2018-0607

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

8.8CVSS8.7AI score0.00677EPSS

CVE•added 2019/05/17 4:29 p.m.•35 views

CVE-2019-5947

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.

5.4CVSS4.8AI score0.00195EPSS

CVE•added 2020/06/30 11:15 a.m.•35 views

CVE-2020-5580

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.

8.1CVSS7.4AI score0.00215EPSS

CVE•added 2020/06/30 11:15 a.m.•35 views

CVE-2020-5584

Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.

7.5CVSS7.4AI score0.004EPSS

CVE•added 2020/06/30 11:15 a.m.•35 views

CVE-2020-5587

Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.

6.5CVSS6.3AI score0.00249EPSS

CVE•added 2021/08/18 6:15 a.m.•35 views

CVE-2021-20756

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

4.3CVSS4.6AI score0.00157EPSS

CVE•added 2021/08/18 6:15 a.m.•35 views

CVE-2021-20761

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

3.5CVSS4.3AI score0.00147EPSS

CVE•added 2021/08/18 6:15 a.m.•35 views

CVE-2021-20768

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

4.3CVSS4.7AI score0.00193EPSS

CVE•added 2021/08/18 6:15 a.m.•35 views

CVE-2021-20775

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

4.3CVSS4.6AI score0.0016EPSS

CVE•added 2017/06/09 4:29 p.m.•34 views

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

8.8CVSS8.5AI score0.00317EPSS

CVE•added 2017/06/09 4:29 p.m.•33 views

CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

4.3CVSS4.6AI score0.00209EPSS

CVE•added 2019/05/17 4:29 p.m.•33 views

CVE-2019-5930

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.

4.3CVSS5.1AI score0.00153EPSS

CVE•added 2019/05/17 4:29 p.m.•33 views

CVE-2019-5940

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.

6.1CVSS5.5AI score0.0026EPSS

CVE•added 2019/01/09 11:29 p.m.•32 views

CVE-2018-16178

Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.

7.5CVSS7.4AI score0.0023EPSS

CVE•added 2020/06/30 11:15 a.m.•32 views

CVE-2020-5581

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.

6.5CVSS6.2AI score0.00276EPSS

CVE•added 2020/06/30 11:15 a.m.•32 views

CVE-2020-5585

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.

4.8CVSS5.6AI score0.00403EPSS

CVE•added 2020/06/30 11:15 a.m.•29 views

CVE-2020-5588

Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.

4.9CVSS5.5AI score0.00417EPSS

Total number of security vulnerabilities123