Garoon@4.2.0 Security Vulnerabilities and Issues — Garoon@4.2.0 CVE List

Lucene search

CybozuGaroon4.2.0

30 matches found

CVE•added 2017/08/29 1:35 a.m.•48 views

CVE-2017-2257

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.

6.1CVSS6AI score0.00265EPSS

CVE•added 2016/06/19 3:59 p.m.•46 views

CVE-2016-1197

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

6.1CVSS5.7AI score0.00322EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5.1AI score0.00235EPSS

CVE•added 2017/04/28 4:59 p.m.•44 views

CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

4.3CVSS5AI score0.00297EPSS

CVE•added 2017/06/09 4:29 p.m.•43 views

CVE-2016-4910

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

4.3CVSS4.5AI score0.00153EPSS

CVE•added 2017/04/28 4:59 p.m.•43 views

CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/07/07 1:29 p.m.•43 views

CVE-2017-2144

Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.

5.8CVSS5.3AI score0.00287EPSS

CVE•added 2017/04/28 4:59 p.m.•42 views

CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

4.3CVSS4.6AI score0.00195EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2254

Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

4.9CVSS5.2AI score0.00371EPSS

CVE•added 2017/08/29 1:35 a.m.•42 views

CVE-2017-2256

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".

5.4CVSS5.7AI score0.00253EPSS

CVE•added 2017/07/07 1:29 p.m.•41 views

CVE-2017-2146

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.

4.8CVSS5.1AI score0.002EPSS

CVE•added 2017/08/29 1:35 a.m.•41 views

CVE-2017-2255

Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".

5.4CVSS5.4AI score0.00253EPSS

CVE•added 2017/04/21 2:59 p.m.•40 views

CVE-2016-1194

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

6.5CVSS6.6AI score0.00821EPSS

CVE•added 2016/06/19 3:59 p.m.•40 views

CVE-2016-1195

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.3AI score0.00389EPSS

CVE•added 2017/07/07 1:29 p.m.•40 views

CVE-2017-2145

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

5.8CVSS5.5AI score0.00197EPSS

CVE•added 2016/06/19 8:59 p.m.•39 views

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

4.3CVSS4.7AI score0.00296EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7802

Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.

6.5CVSS6.3AI score0.03534EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7803

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

8.8CVSS8.8AI score0.01207EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1188

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

6.5CVSS6.7AI score0.00213EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1193

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

7.5CVSS7.3AI score0.00364EPSS

CVE•added 2016/06/19 8:59 p.m.•38 views

CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2017/04/28 4:59 p.m.•38 views

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

4.3CVSS4.6AI score0.00153EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.

6.1CVSS6.3AI score0.00324EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-4909

Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

4.3CVSS5.2AI score0.00232EPSS

CVE•added 2017/06/09 4:29 p.m.•37 views

CVE-2016-7801

Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

4.3CVSS5AI score0.00283EPSS

CVE•added 2016/06/19 8:59 p.m.•36 views

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

5.3CVSS5.6AI score0.00596EPSS

CVE•added 2017/06/09 4:29 p.m.•34 views

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

8.8CVSS8.5AI score0.00317EPSS

CVE•added 2016/06/25 9:59 p.m.•33 views

CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

8.1CVSS7.5AI score0.00214EPSS

CVE•added 2017/06/09 4:29 p.m.•33 views

CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

4.3CVSS4.6AI score0.00209EPSS

CVE•added 2016/06/25 9:59 p.m.•31 views

CVE-2016-1190

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

6.5CVSS6.7AI score0.00173EPSS