Garoon@3.7.3 Security Vulnerabilities and Issues — Garoon@3.7.3 CVE List

Lucene search

CybozuGaroon3.7.3

29 matches found

CVE•added 2017/08/29 1:35 a.m.•48 views

CVE-2017-2257

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

6.1CVSS6AI score0.00265EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.1AI score0.00235EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

4.3CVSS5AI score0.00297EPSS

CVE•added 2017/06/09 4:29 p.m.•43 views

CVE-2016-4910

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

4.3CVSS4.5AI score0.00153EPSS

CVE•added 2017/04/28 4:59 p.m.•43 views

CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/04/28 4:59 p.m.•42 views

CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2254

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

4.9CVSS5.2AI score0.00371EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2256

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

5.4CVSS5.7AI score0.00253EPSS

CVE•added 2017/08/29 1:35 a.m.•41 views

CVE-2017-2255

Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".

5.4CVSS5.4AI score0.00253EPSS

CVE•added 2016/06/19 8:59 p.m.•40 views

CVE-2015-7776

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2016/06/19 3:59 p.m.•40 views

CVE-2016-1195

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.3AI score0.00389EPSS

CVE•added 2016/06/19 8:59 p.m.•39 views

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

4.3CVSS4.7AI score0.00296EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7802

Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

6.5CVSS6.3AI score0.03534EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7803

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

8.8CVSS8.8AI score0.01207EPSS

CVE•added 2015/10/08 8:59 p.m.•38 views

CVE-2015-5649

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privil...

7CVSS7AI score0.00161EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1188

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

6.5CVSS6.7AI score0.00213EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1193

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

7.5CVSS7.3AI score0.00364EPSS

CVE•added 2016/06/19 8:59 p.m.•38 views

CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2017/04/28 4:59 p.m.•38 views

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

4.3CVSS4.6AI score0.00153EPSS

CVE•added 2015/10/12 10:59 a.m.•37 views

CVE-2015-5646

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.

8.5CVSS7.5AI score0.00728EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.

6.1CVSS6.3AI score0.00324EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4909

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

4.3CVSS5.2AI score0.00232EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-7801

Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

4.3CVSS5AI score0.00283EPSS

CVE•added 2016/06/19 8:59 p.m.•36 views

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

5.3CVSS5.6AI score0.00596EPSS

CVE•added 2015/10/12 10:59 a.m.•34 views

CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.

8.5CVSS7.5AI score0.00663EPSS

CVE•added 2017/06/09 4:29 p.m.•34 views

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

8.8CVSS8.5AI score0.00317EPSS

CVE•added 2016/06/25 9:59 p.m.•33 views

CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

8.1CVSS7.5AI score0.00214EPSS

CVE•added 2017/06/09 4:29 p.m.•33 views

CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

4.3CVSS4.6AI score0.00209EPSS

CVE•added 2016/06/25 9:59 p.m.•31 views

CVE-2016-1190

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

6.5CVSS6.7AI score0.00173EPSS