Garoon Cybozu Garoon

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Cybozu Garoon.

By the Year

In 2025 there have been 0 vulnerabilities in Cybozu Garoon. Last year, in 2024 Garoon had 6 security vulnerabilities published. Right now, Garoon is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 6 5.13
2023 3 5.03
2022 19 5.16
2021 23 4.91
2020 16 5.88
2019 26 5.74
2018 10 5.70

It may take a day or so for new Garoon vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cybozu Garoon Security Vulnerabilities

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview

CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.

XSS

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31398 4.3 - Medium - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31399 6.5 - Medium - June 11, 2024

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31402 4.3 - Medium - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

AuthZ

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0

CVE-2024-31403 - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may

CVE-2024-31404 - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2

CVE-2023-26595 6.5 - Medium - May 23, 2023

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

Resource Exhaustion

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2

CVE-2023-27304 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0

CVE-2023-27384 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Information Disclosure

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1

CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions

CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0

CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon

CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

authentification

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Improper Input Validation

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Improper Input Validation

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1

CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Information Disclosure

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20775 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

Improper Input Validation

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20774 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may

CVE-2021-20773 4.3 - Medium - August 18, 2021

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20772 4.3 - Medium - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

Information Disclosure

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20771 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20770 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20769 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20768 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20767 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20766 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20765 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20764 5.3 - Medium - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

Improper Input Validation

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20762 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20753 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20754 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

Improper Input Validation

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20755 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20756 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20757 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20759 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20763 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20761 2.7 - Low - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20760 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cybozu Garoon or by Cybozu? Click the Watch button to subscribe.

Cybozu
Vendor

Cybozu Garoon
Product

subscribe