Cybozu Garoon

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

AuthZ

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions

CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Allocation of Resources Without Limits or Throttling

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1

CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Incorrect Permission Assignment for Critical Resource

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Incorrect Permission Assignment for Critical Resource

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Incorrect Permission Assignment for Critical Resource

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0

CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

AuthZ

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon

CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Exposure of Resource to Wrong Sphere

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

AuthZ

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

Exposure of Resource to Wrong Sphere

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1

CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Exposure of Resource to Wrong Sphere

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Incorrect Permission Assignment for Critical Resource

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Incorrect Permission Assignment for Critical Resource

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

AuthZ

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20765 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20766 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20767 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20768 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20769 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20770 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20771 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20772 4.3 - Medium - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

Information Disclosure

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may

CVE-2021-20773 4.3 - Medium - August 18, 2021

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20774 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20775 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

Improper Input Validation

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20756 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20764 5.3 - Medium - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

Improper Input Validation

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20763 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20762 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20761 2.7 - Low - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20760 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.

Improper Input Validation

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20759 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20758 8 - High - August 18, 2021

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

Session Riding

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20757 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20755 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20754 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20753 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2

CVE-2020-5643 6.5 - Medium - November 06, 2020

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.

Improper Input Validation

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5584 7.5 - High - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.

Information Disclosure

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5587 6.5 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.

Information Disclosure

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1

CVE-2020-5586 4.8 - Medium - June 30, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1

CVE-2020-5585 4.8 - Medium - June 30, 2020

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.

XSS

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5583 6.5 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.

Information Disclosure

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5582 4.3 - Medium - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.

AuthZ

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5581 6.5 - Medium - June 30, 2020

Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.

Directory traversal

Cybozu Garoon 4.0.0 to 5.0.1

CVE-2020-5580 8.1 - High - June 30, 2020

Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.

Improper Privilege Management

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0

CVE-2020-5568 6.1 - Medium - April 28, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.

XSS

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5567 7.5 - High - April 28, 2020

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.

authentification

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5566 4.3 - Medium - April 28, 2020

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.

AuthZ

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5565 4.3 - Medium - April 28, 2020

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.

Improper Input Validation

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5564 6.1 - Medium - April 28, 2020

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.

XSS

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3

CVE-2020-5563 5.3 - Medium - April 28, 2020

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.

authentification

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3

CVE-2020-5562 4.9 - Medium - April 28, 2020

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.

XSPA

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3

CVE-2019-5991 7.6 - High - September 12, 2019

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

SQL Injection

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2

CVE-2019-5975 5.4 - Medium - September 12, 2019

DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Cybozu Garoon 4.0.0 to 4.10.2

CVE-2019-5976 4.9 - Medium - September 12, 2019

Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.

Improper Input Validation

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may

CVE-2019-5977 4.3 - Medium - September 12, 2019

Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.

Injection

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2

CVE-2019-5978 6.1 - Medium - September 12, 2019

Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.

Open Redirect

Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5941 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3

CVE-2019-5928 6.1 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3

CVE-2019-5929 6.1 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.

XSS

Cybozu Garoon 4.0.0 to 4.6.3

CVE-2019-5930 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.

Cybozu Garoon 4.0.0 to 4.6.3

CVE-2019-5931 8.7 - High - May 17, 2019

Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.

Improper Input Validation

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3

CVE-2019-5932 4.8 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.

XSS

Cybozu Garoon 4.0.0 to 4.10.0

CVE-2019-5933 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0

CVE-2019-5934 7.2 - High - May 17, 2019

SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.

SQL Injection

Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5935 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5936 5.4 - Medium - May 17, 2019

Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.

Directory traversal

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5937 5.4 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5939 6.1 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5940 6.1 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.

XSS

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5938 6.1 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.

XSS

Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5942 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.

Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5943 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.

Cybozu Garoon 4.0.0 to 4.10.1

CVE-2019-5944 4.3 - Medium - May 17, 2019

Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.

Cybozu Garoon 4.2.4 to 4.10.1

CVE-2019-5945 9.8 - Critical - May 17, 2019

Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1

CVE-2019-5946 6.1 - Medium - May 17, 2019

Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.

Open Redirect

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1

CVE-2019-5947 5.4 - Medium - May 17, 2019

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.

XSS

Cybozu Garoon 3.0.0 to 4.10.0

CVE-2018-16178 7.5 - High - January 09, 2019

Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.

Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3

CVE-2018-0673 8.1 - High - November 15, 2018

Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.

Directory traversal

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2

CVE-2018-0607 8.8 - High - July 26, 2018

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

SQL Injection

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1

CVE-2018-0551 5.4 - Medium - April 16, 2018

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Cybozu Garoon 3.5.0 to 4.6.1

CVE-2018-0550 4.3 - Medium - April 16, 2018

Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0

CVE-2018-0549 5.4 - Medium - April 16, 2018

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

XSS

Cybozu Garoon 4.0.0 to 4.6.0

CVE-2018-0548 4.3 - Medium - April 16, 2018

Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.

Cybozu Garoon 3.0.0 to 4.2.6

CVE-2018-0533 4.9 - Medium - April 16, 2018

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.

Cybozu Garoon 3.0.0 to 4.2.6

CVE-2018-0532 2.7 - Low - April 16, 2018

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.

XSS

Cybozu Garoon 3.0.0 to 4.2.6

CVE-2018-0531 4.3 - Medium - April 16, 2018

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6

CVE-2018-0530 8.8 - High - April 16, 2018

SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

SQL Injection

Cybozu Garoon 3.0.0 to 4.2.4 may

CVE-2017-2144 5.4 - Medium - July 07, 2017

Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.

Cybozu Garoon 3.0.0 to 4.2.3

CVE-2017-2095 4.3 - Medium - April 28, 2017

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.