Cybozu Garoon

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview

CVE-2024-39457 5.4 - Medium - July 19, 2024

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in users web browser.

XSS

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31398 4.3 - Medium - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31399 6.5 - Medium - June 11, 2024

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2

CVE-2024-31402 4.3 - Medium - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

AuthZ

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0

CVE-2024-31403 - June 11, 2024

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may

CVE-2024-31404 - June 11, 2024

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2

CVE-2023-26595 6.5 - Medium - May 23, 2023

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

Resource Exhaustion

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2

CVE-2023-27304 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0

CVE-2023-27384 4.3 - Medium - May 23, 2023

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-29512 6.5 - Medium - July 11, 2022

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Information Disclosure

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30602 8.1 - High - July 11, 2022

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1

CVE-2022-30943 4.3 - Medium - July 11, 2022

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-31472 4.3 - Medium - July 11, 2022

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26054 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1

CVE-2022-27627 6.1 - Medium - July 04, 2022

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

XSS

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26368 5.4 - Medium - July 04, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-26051 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions

CVE-2022-29892 6.5 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-29513 4.8 - Medium - July 04, 2022

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

XSS

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0

CVE-2022-29484 8.1 - High - July 04, 2022

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon

CVE-2022-29471 4.3 - Medium - July 04, 2022

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28718 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1

CVE-2022-28713 5.3 - Medium - July 04, 2022

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

authentification

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-28692 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Improper Input Validation

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27807 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Improper Input Validation

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1

CVE-2022-29467 4.3 - Medium - July 04, 2022

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Information Disclosure

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27803 4.3 - Medium - July 04, 2022

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Improper Input Validation

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1

CVE-2022-27661 4.3 - Medium - July 04, 2022

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20775 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

Improper Input Validation

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20774 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may

CVE-2021-20773 4.3 - Medium - August 18, 2021

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0

CVE-2021-20772 4.3 - Medium - August 18, 2021

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

Information Disclosure

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0

CVE-2021-20771 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20770 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20769 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20768 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20767 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20766 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20765 6.1 - Medium - August 18, 2021

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20764 5.3 - Medium - August 18, 2021

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

Improper Input Validation

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20762 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20753 5.4 - Medium - August 18, 2021

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

XSS

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20754 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

Improper Input Validation

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20755 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20756 4.3 - Medium - August 18, 2021

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20757 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2

CVE-2021-20759 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

authentification

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20763 4.3 - Medium - August 18, 2021

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20761 2.7 - Low - August 18, 2021

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

Improper Input Validation

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2

CVE-2021-20760 4.3 - Medium - August 18, 2021

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.

Improper Input Validation