Garoon Security Vulnerabilities and Issues — Garoon CVE List

Lucene search

CybozuGaroon

14 matches found

CVE•added 2022/07/11 1:15 a.m.•58 views

CVE-2022-30602

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

8.1CVSS7.6AI score0.00396EPSS

CVE•added 2022/07/04 7:15 a.m.•51 views

CVE-2022-29484

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

8.1CVSS7.7AI score0.00396EPSS

CVE•added 2019/05/17 4:29 p.m.•40 views

CVE-2019-5931

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.

8.7CVSS6.2AI score0.00407EPSS

CVE•added 2017/06/09 4:29 p.m.•39 views

CVE-2016-7803

SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.

8.8CVSS8.8AI score0.01207EPSS

CVE•added 2015/10/12 10:59 a.m.•37 views

CVE-2015-5646

Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.

8.5CVSS7.5AI score0.00728EPSS

CVE•added 2017/04/20 6:59 p.m.•37 views

CVE-2016-1218

SQL injection vulnerability in Cybozu Garoon before 4.2.2.

8.8CVSS9.4AI score0.00979EPSS

CVE•added 2018/04/16 2:29 p.m.•37 views

CVE-2018-0530

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

8.8CVSS8.7AI score0.00644EPSS

CVE•added 2018/11/15 3:29 p.m.•37 views

CVE-2018-0673

Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.

8.1CVSS7.7AI score0.00575EPSS

CVE•added 2021/08/18 6:15 a.m.•37 views

CVE-2021-20758

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

8CVSS7.7AI score0.00093EPSS

CVE•added 2018/07/26 5:29 p.m.•35 views

CVE-2018-0607

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

8.8CVSS8.7AI score0.00677EPSS

CVE•added 2020/06/30 11:15 a.m.•35 views

CVE-2020-5580

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.

8.1CVSS7.4AI score0.00215EPSS

CVE•added 2015/10/12 10:59 a.m.•34 views

CVE-2015-5647

The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.

8.5CVSS7.5AI score0.00663EPSS

CVE•added 2017/06/09 4:29 p.m.•34 views

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

8.8CVSS8.5AI score0.00317EPSS

CVE•added 2016/06/25 9:59 p.m.•33 views

CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

8.1CVSS7.5AI score0.00214EPSS