Garoon@3.0.2 Security Vulnerabilities and Issues — Garoon@3.0.2 CVE List

Lucene search

CybozuGaroon3.0.2

30 matches found

CVE•added 2017/08/29 1:35 a.m.•48 views

CVE-2017-2257

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

6.1CVSS6AI score0.00265EPSS

CVE•added 2014/05/02 10:55 a.m.•45 views

CVE-2014-1988

The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.

3.5CVSS6.3AI score0.00426EPSS

CVE•added 2014/07/20 11:12 a.m.•45 views

CVE-2014-1995

Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.4AI score0.00209EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.1AI score0.00235EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

4.3CVSS5AI score0.00297EPSS

CVE•added 2014/07/20 11:12 a.m.•43 views

CVE-2014-1994

Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2017/06/09 4:29 p.m.•43 views

CVE-2016-4910

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

4.3CVSS4.5AI score0.00153EPSS

CVE•added 2017/04/28 4:59 p.m.•43 views

CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/07/07 1:29 p.m.•43 views

CVE-2017-2144

Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.

5.8CVSS5.3AI score0.00287EPSS

CVE•added 2017/04/28 4:59 p.m.•42 views

CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2256

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

5.4CVSS5.7AI score0.00253EPSS

CVE•added 2017/07/07 1:29 p.m.•41 views

CVE-2017-2146

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.

4.8CVSS5.1AI score0.002EPSS

CVE•added 2014/01/29 5:37 a.m.•40 views

CVE-2013-6930

SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect...

6.5CVSS7.9AI score0.00522EPSS

CVE•added 2016/06/19 8:59 p.m.•40 views

CVE-2015-7776

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2016/06/19 3:59 p.m.•40 views

CVE-2016-1195

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.3AI score0.00389EPSS

CVE•added 2014/07/20 11:12 a.m.•39 views

CVE-2014-1993

The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

4CVSS6.3AI score0.00207EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7802

Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

6.5CVSS6.3AI score0.03534EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7803

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

8.8CVSS8.8AI score0.01207EPSS

CVE•added 2015/10/08 8:59 p.m.•38 views

CVE-2015-5649

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privil...

7CVSS7AI score0.00161EPSS

CVE•added 2016/06/19 8:59 p.m.•38 views

CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2017/04/28 4:59 p.m.•38 views

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

4.3CVSS4.6AI score0.00153EPSS

CVE•added 2015/10/12 10:59 a.m.•37 views

CVE-2015-5646

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.

8.5CVSS7.5AI score0.00728EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.

6.1CVSS6.3AI score0.00324EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4909

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

4.3CVSS5.2AI score0.00232EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-7801

Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

4.3CVSS5AI score0.00283EPSS

CVE•added 2016/06/19 8:59 p.m.•36 views

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

5.3CVSS5.6AI score0.00596EPSS

CVE•added 2014/05/02 10:55 a.m.•34 views

CVE-2014-1989

Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.

6CVSS6.2AI score0.00216EPSS

CVE•added 2015/10/12 10:59 a.m.•34 views

CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.

8.5CVSS7.5AI score0.00663EPSS

CVE•added 2017/06/09 4:29 p.m.•34 views

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

8.8CVSS8.5AI score0.00317EPSS

CVE•added 2017/06/09 4:29 p.m.•33 views

CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

4.3CVSS4.6AI score0.00209EPSS