Cybozu Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone

Do you want an email whenever new security vulnerabilities are reported in any Cybozu product?

Products by Cybozu Sorted by Most Security Vulnerabilities since 2018

 

Cybozu Garoon96 vulnerabilities

 

Cybozu Office34 vulnerabilities

 

Cybozu Remote Service Manager15 vulnerabilities

 

Cybozu Mailwise4 vulnerabilities

 

Cybozu Remote Service1 vulnerability

 

Cybozu Dezie1 vulnerability

@cybozu Tweets

RT @cybozushiki: サイボウズUI/UXデザイナーがサンフランシスコに1ヶ月出張✈️ 現地での仕事や生活の様子をお届けします。 海外で働きたいデザイナー必見�� 「日本でつくったソフトウェアを世界のみんなに使ってもらいたい」 ▼本編はコチラ https://t…
Mon Mar 20 07:57:58 +0000 2023

RT @cybozu_kintone: ✨今年もやります✨ \キントーン1年間無料キャンペーン/ 自治体のDX促進を支援するため【60自治体限定】で全職員が1年間無料でキントーンをご利用いただけるキャンペーンを実施します! ▼詳細やお申し込み方法はこちらから https:/…
Mon Mar 20 05:44:07 +0000 2023

サイボウズ、起業家らを支援する新規事業 「Cybozu for Challengers」の参加企業を募集 https://t.co/uMDMU3QK0A
Fri Mar 17 02:03:23 +0000 2023

RT @cybozu_kintone: \アトツギ事例と交流会のイベント開催/#kintone を活用する経営者様3名が登壇します。導入検討中の方、うまく使いこなせていない方、バリバリ活用中の方、どなたでもご参加いただけます✨オンライン配信もあり。https://t.co/mI…
Tue Mar 14 00:55:10 +0000 2023

RT @cybozushiki: 新着記事�� 繊細さ(HSP)という「性質」は変えられなくても、その「苦痛」は和らげられる。精神科医の西脇俊二さんに、繊細さにまつわる悩みの原因と対処法をききました。 ��繊細さは「どうにもならないもの」ではない。「期待をしないこと」こそが、働…
Wed Mar 08 23:12:54 +0000 2023

By the Year

In 2023 there have been 0 vulnerabilities in Cybozu . Last year Cybozu had 32 security vulnerabilities published. Right now, Cybozu is on track to have less security vulnerabilities in 2023 than it did last year.

Year Vulnerabilities Average Score
2023 0 0.00
2022 32 5.24
2021 46 5.31
2020 16 5.88
2019 34 6.09
2018 20 5.55

It may take a day or so for new Cybozu vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Security Vulnerabilities

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3

CVE-2022-44608 7.5 - High - December 07, 2022

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

Resource Exhaustion

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-33311 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

Incorrect Permission Assignment for Critical Resource

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-33151 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

XSS

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32583 4.3 - Medium - August 18, 2022

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

Incorrect Permission Assignment for Critical Resource

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32544 4.3 - Medium - August 18, 2022

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

Incorrect Permission Assignment for Critical Resource

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may

CVE-2022-32453 6.5 - Medium - August 18, 2022

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

Injection

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-32283 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-30693 5.3 - Medium - August 18, 2022

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

Information Disclosure

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-30604 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-29891 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5

CVE-2022-29487 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-28715 6.1 - Medium - August 18, 2022

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5

CVE-2022-25986 4.3 - Medium - August 18, 2022

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

Exposure of Resource to Wrong Sphere

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

AuthZ

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1

CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Incorrect Permission Assignment for Critical Resource

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Incorrect Permission Assignment for Critical Resource

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Incorrect Permission Assignment for Critical Resource

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions

CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Allocation of Resources Without Limits or Throttling

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0

CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

AuthZ

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon

CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Exposure of Resource to Wrong Sphere

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1

CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Exposure of Resource to Wrong Sphere

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

AuthZ

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

Exposure of Resource to Wrong Sphere

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Incorrect Permission Assignment for Critical Resource

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Incorrect Permission Assignment for Critical Resource

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

AuthZ

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9

CVE-2021-20807 6.1 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9

CVE-2021-20806 6.1 - Medium - October 13, 2021

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Open Redirect

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9

CVE-2021-20805 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20804 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20803 5.4 - Medium - October 13, 2021

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

AuthZ

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20802 5.3 - Medium - October 13, 2021

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

Injection

Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20801 6.5 - Medium - October 13, 2021

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

XXE

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20800 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20799 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20798 5.4 - Medium - October 13, 2021

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20797 5.4 - Medium - October 13, 2021

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

XSS

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8

CVE-2021-20796 6.5 - Medium - October 13, 2021

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

Directory traversal

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9

CVE-2021-20795 8.8 - High - October 13, 2021

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

Session Riding

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20775 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

Improper Input Validation

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20774 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may

CVE-2021-20773 4.3 - Medium - August 18, 2021

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20772 4.3 - Medium - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

Information Disclosure

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20771 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20770 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20769 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20768 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20767 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20766 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20765 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20764 5.3 - Medium - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

Improper Input Validation

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20763 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20762 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20761 2.7 - Low - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20760 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.

Improper Input Validation

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20759 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20758 8 - High - August 18, 2021

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

Session Riding

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20757 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20756 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20755 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20754 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20753 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20624 6.5 - Medium - March 18, 2021

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20625 4.3 - Medium - March 18, 2021

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20626 6.5 - Medium - March 18, 2021

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20627 6.1 - Medium - March 18, 2021

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20629 6.1 - Medium - March 18, 2021

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.

XSS

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20630 4.3 - Medium - March 18, 2021

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.

authentification

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20631 6.5 - Medium - March 18, 2021

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.

Improper Input Validation

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20632 4.3 - Medium - March 18, 2021

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.

authentification

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20633 4.3 - Medium - March 18, 2021

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4

CVE-2021-20634 4.3 - Medium - March 18, 2021

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.

authentification

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2

CVE-2020-5643 6.5 - Medium - November 06, 2020

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.

Improper Input Validation

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5580 8.1 - High - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.

Improper Privilege Management

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5581 6.5 - Medium - June 30, 2020

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.

Directory traversal

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5582 4.3 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.

AuthZ

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5583 6.5 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.

Information Disclosure

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5584 7.5 - High - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.

Information Disclosure

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1

CVE-2020-5585 4.8 - Medium - June 30, 2020

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1

CVE-2020-5586 4.8 - Medium - June 30, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.

XSS

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5587 6.5 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.

Information Disclosure

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3

CVE-2020-5562 4.9 - Medium - April 28, 2020

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.

XSPA

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5563 5.3 - Medium - April 28, 2020

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.

authentification

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5564 6.1 - Medium - April 28, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.

XSS

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5565 4.3 - Medium - April 28, 2020

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.

Improper Input Validation

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5566 4.3 - Medium - April 28, 2020

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.

AuthZ

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5567 7.5 - High - April 28, 2020

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.

authentification

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0

CVE-2020-5568 6.1 - Medium - April 28, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.

XSS

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3

CVE-2019-6022 6.5 - Medium - December 26, 2019

Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.

Directory traversal

Cybozu Office 10.0.0 to 10.8.3

CVE-2019-6023 4.3 - Medium - December 26, 2019

Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2

CVE-2019-5975 5.4 - Medium - September 12, 2019

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Cybozu Garoon 4.0.0 to 4.10.2

CVE-2019-5976 4.9 - Medium - September 12, 2019

Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.

Improper Input Validation

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may

CVE-2019-5977 4.3 - Medium - September 12, 2019

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.

Injection

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2

CVE-2019-5978 6.1 - Medium - September 12, 2019

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.

Open Redirect

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.