Garoon@* Security Vulnerabilities and Issues — Garoon@* CVE List

Lucene search

CybozuGaroon*

6 matches found

CVE•added 2024/06/11 5:15 a.m.•59 views

CVE-2024-31403

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

5.4CVSS6.6AI score0.00351EPSS

CVE•added 2024/07/19 9:15 a.m.•58 views

CVE-2024-39457

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.

5.4CVSS6.3AI score0.00198EPSS

CVE•added 2024/06/11 6:15 a.m.•50 views

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

6.5CVSS6.7AI score0.00245EPSS

CVE•added 2024/06/11 5:15 a.m.•50 views

CVE-2024-31404

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

4.3CVSS6.4AI score0.00364EPSS

CVE•added 2024/06/11 6:15 a.m.•48 views

CVE-2024-31398

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

4.3CVSS6.6AI score0.00364EPSS

CVE•added 2024/06/11 6:15 a.m.•45 views

CVE-2024-31402

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

4.3CVSS6.8AI score0.00372EPSS