Cybozu Cybozu Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Cybozu product.

RSS Feeds for Cybozu security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Cybozu products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Cybozu Sorted by Most Security Vulnerabilities since 2018

Cybozu Garoon105 vulnerabilities

Cybozu Office35 vulnerabilities

Cybozu Remote Service Manager16 vulnerabilities

Cybozu Mailwise4 vulnerabilities

Cybozu Remote Service2 vulnerabilities

Cybozu Dezie1 vulnerability

Cybozu Kunai1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Cybozu. Last year, in 2024 Cybozu had 8 security vulnerabilities published. Right now, Cybozu is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 8 5.75
2023 5 5.62
2022 32 5.24
2021 46 5.31
2020 16 5.88
2019 34 6.09
2018 20 5.55

It may take a day or so for new Cybozu vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Security Vulnerabilities

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data

CVE-2024-39817 6.5 - Medium - August 06, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview

CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.

XSS

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31398 4.3 - Medium - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31399 6.5 - Medium - June 11, 2024

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31402 4.3 - Medium - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

AuthZ

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0

CVE-2024-31403 - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may

CVE-2024-31404 - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

Cybozu KUNAI for Android 3.0.20 to 3.0.21

CVE-2024-23304 7.5 - High - February 06, 2024

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.

Untrusted Path

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1

CVE-2023-46278 6.5 - Medium - November 01, 2023

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.

Resource Exhaustion

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2

CVE-2022-26838 6.5 - Medium - August 03, 2023

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

Directory traversal

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2

CVE-2023-26595 6.5 - Medium - May 23, 2023

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

Resource Exhaustion

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2

CVE-2023-27304 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0

CVE-2023-27384 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3

CVE-2022-44608 7.5 - High - December 07, 2022

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

Resource Exhaustion

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-25986 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-28715 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5

CVE-2022-29487 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-29891 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-30604 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-30693 5.3 - Medium - August 18, 2022

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

Information Disclosure

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32283 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may

CVE-2022-32453 6.5 - Medium - August 18, 2022

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

Injection

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32544 4.3 - Medium - August 18, 2022

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32583 4.3 - Medium - August 18, 2022

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-33151 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

XSS

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-33311 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Information Disclosure

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions

CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Improper Input Validation

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1

CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0

CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon

CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Improper Input Validation

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1

CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Information Disclosure

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

authentification

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Improper Input Validation

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20801 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

XXE

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20802 5.3 - Medium - October 13, 2021

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

Injection

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20804 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9

CVE-2021-20807 6.1 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20803 5.4 - Medium - October 13, 2021

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

AuthZ

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.