Cybozu Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Cybozu product.
Products by Cybozu Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Cybozu. Last year, in 2024 Cybozu had 6 security vulnerabilities published. Right now, Cybozu is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 6 | 5.75 |
2023 | 5 | 5.62 |
2022 | 32 | 5.24 |
2021 | 46 | 5.31 |
2020 | 16 | 5.88 |
2019 | 34 | 6.09 |
2018 | 20 | 5.55 |
It may take a day or so for new Cybozu vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cybozu Security Vulnerabilities
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data
CVE-2024-39817
6.5 - Medium
- August 06, 2024
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview
CVE-2024-39457
5.4 - Medium
- July 19, 2024
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.
XSS
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2
CVE-2024-31402
4.3 - Medium
- June 11, 2024
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
AuthZ
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2
CVE-2024-31399
6.5 - Medium
- June 11, 2024
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2
CVE-2024-31398
4.3 - Medium
- June 11, 2024
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
Cybozu KUNAI for Android 3.0.20 to 3.0.21
CVE-2024-23304
7.5 - High
- February 06, 2024
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
Untrusted Path
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1
CVE-2023-46278
6.5 - Medium
- November 01, 2023
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
Resource Exhaustion
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2
CVE-2022-26838
6.5 - Medium
- August 03, 2023
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
Directory traversal
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0
CVE-2023-27384
4.3 - Medium
- May 23, 2023
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2
CVE-2023-27304
4.3 - Medium
- May 23, 2023
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2
CVE-2023-26595
6.5 - Medium
- May 23, 2023
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
Resource Exhaustion
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3
CVE-2022-44608
7.5 - High
- December 07, 2022
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
Resource Exhaustion
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-33311
4.3 - Medium
- August 18, 2022
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-33151
6.1 - Medium
- August 18, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
XSS
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-32583
4.3 - Medium
- August 18, 2022
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-32544
4.3 - Medium
- August 18, 2022
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may
CVE-2022-32453
6.5 - Medium
- August 18, 2022
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
Injection
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-32283
4.3 - Medium
- August 18, 2022
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-30693
5.3 - Medium
- August 18, 2022
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
Information Disclosure
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-30604
6.1 - Medium
- August 18, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-29891
4.3 - Medium
- August 18, 2022
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5
CVE-2022-29487
6.1 - Medium
- August 18, 2022
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-28715
6.1 - Medium
- August 18, 2022
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5
CVE-2022-25986
4.3 - Medium
- August 18, 2022
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-31472
4.3 - Medium
- July 11, 2022
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30943
4.3 - Medium
- July 11, 2022
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-30602
8.1 - High
- July 11, 2022
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1
CVE-2022-29512
6.5 - Medium
- July 11, 2022
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
Information Disclosure
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1
CVE-2022-27627
6.1 - Medium
- July 04, 2022
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
XSS
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26368
5.4 - Medium
- July 04, 2022
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26054
4.3 - Medium
- July 04, 2022
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-26051
4.3 - Medium
- July 04, 2022
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions
CVE-2022-29892
6.5 - Medium
- July 04, 2022
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
Improper Input Validation
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-29513
4.8 - Medium
- July 04, 2022
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
XSS
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0
CVE-2022-29484
8.1 - High
- July 04, 2022
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon
CVE-2022-29471
4.3 - Medium
- July 04, 2022
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1
CVE-2022-29467
4.3 - Medium
- July 04, 2022
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
Information Disclosure
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28718
4.3 - Medium
- July 04, 2022
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1
CVE-2022-28713
5.3 - Medium
- July 04, 2022
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
authentification
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-28692
4.3 - Medium
- July 04, 2022
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
Improper Input Validation
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27807
4.3 - Medium
- July 04, 2022
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
Improper Input Validation
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27803
4.3 - Medium
- July 04, 2022
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
Improper Input Validation
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1
CVE-2022-27661
4.3 - Medium
- July 04, 2022
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9
CVE-2021-20807
6.1 - Medium
- October 13, 2021
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9
CVE-2021-20806
6.1 - Medium
- October 13, 2021
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Open Redirect
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9
CVE-2021-20805
5.4 - Medium
- October 13, 2021
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20804
6.5 - Medium
- October 13, 2021
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20803
5.4 - Medium
- October 13, 2021
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
AuthZ
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20802
5.3 - Medium
- October 13, 2021
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.
Injection
Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20801
6.5 - Medium
- October 13, 2021
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.
XXE
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8
CVE-2021-20800
5.4 - Medium
- October 13, 2021
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20799
5.4 - Medium
- October 13, 2021
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20798
5.4 - Medium
- October 13, 2021
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8
CVE-2021-20797
5.4 - Medium
- October 13, 2021
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.
XSS
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8
CVE-2021-20796
6.5 - Medium
- October 13, 2021
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.
Directory traversal
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9
CVE-2021-20795
8.8 - High
- October 13, 2021
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
Session Riding
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20775
4.3 - Medium
- August 18, 2021
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
Improper Input Validation
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0
CVE-2021-20774
5.4 - Medium
- August 18, 2021
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may
CVE-2021-20773
4.3 - Medium
- August 18, 2021
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0
CVE-2021-20772
4.3 - Medium
- August 18, 2021
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
Information Disclosure
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0
CVE-2021-20771
6.1 - Medium
- August 18, 2021
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20770
5.4 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20769
5.4 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20768
4.3 - Medium
- August 18, 2021
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20767
5.4 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20766
6.1 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20765
6.1 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
XSS
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20764
5.3 - Medium
- August 18, 2021
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
Improper Input Validation
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20763
4.3 - Medium
- August 18, 2021
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20762
4.3 - Medium
- August 18, 2021
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
Improper Input Validation
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20761
2.7 - Low
- August 18, 2021
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
Improper Input Validation
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20760
4.3 - Medium
- August 18, 2021
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
Improper Input Validation
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2
CVE-2021-20759
4.3 - Medium
- August 18, 2021
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
authentification
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20758
8 - High
- August 18, 2021
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
Session Riding
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20757
4.3 - Medium
- August 18, 2021
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
authentification
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20756
4.3 - Medium
- August 18, 2021
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20755
4.3 - Medium
- August 18, 2021
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20754
4.3 - Medium
- August 18, 2021
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
Improper Input Validation
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2
CVE-2021-20753
5.4 - Medium
- August 18, 2021
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
XSS
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20624
6.5 - Medium
- March 18, 2021
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20625
4.3 - Medium
- March 18, 2021
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20626
6.5 - Medium
- March 18, 2021
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20627
6.1 - Medium
- March 18, 2021
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20629
6.1 - Medium
- March 18, 2021
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
XSS
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20630
4.3 - Medium
- March 18, 2021
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
authentification
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20631
6.5 - Medium
- March 18, 2021
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
Improper Input Validation
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20632
4.3 - Medium
- March 18, 2021
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
authentification
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20633
4.3 - Medium
- March 18, 2021
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4
CVE-2021-20634
4.3 - Medium
- March 18, 2021
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
authentification
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2
CVE-2020-5643
6.5 - Medium
- November 06, 2020
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
Improper Input Validation
Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5580
8.1 - High
- June 30, 2020
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
Improper Privilege Management
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5581
6.5 - Medium
- June 30, 2020
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
Directory traversal
Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5582
4.3 - Medium
- June 30, 2020
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
AuthZ
Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5583
6.5 - Medium
- June 30, 2020
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
Information Disclosure
Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5584
7.5 - High
- June 30, 2020
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
Information Disclosure
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1
CVE-2020-5585
4.8 - Medium
- June 30, 2020
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
XSS
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1
CVE-2020-5586
4.8 - Medium
- June 30, 2020
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
XSS
Cybozu Garoon 4.0.0 to 5.0.1
CVE-2020-5587
6.5 - Medium
- June 30, 2020
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
Information Disclosure
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3
CVE-2020-5562
4.9 - Medium
- April 28, 2020
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
SSRF