Garoon
by Cybozu
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31403 | 0.00 | — | 0.00 | Jun 11, 2024 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. | |||
| CVE-2024-31401 | 0.00 | — | 0.01 | Jun 11, 2024 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. | |||
| CVE-2024-31400 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | |||
| CVE-2023-27304 | 0.00 | — | 0.01 | May 23, 2023 | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | |||
| CVE-2023-26595 | 0.00 | — | 0.01 | May 23, 2023 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | |||
| CVE-2023-27384 | 0.00 | — | 0.01 | May 23, 2023 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | |||
| CVE-2022-31472 | 0.00 | — | 0.01 | Jul 11, 2022 | Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||
| CVE-2022-30943 | 0.00 | — | 0.01 | Jul 11, 2022 | Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | |||
| CVE-2022-30602 | 0.00 | — | 0.01 | Jul 11, 2022 | Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | |||
| CVE-2022-29512 | 0.00 | — | 0.01 | Jul 11, 2022 | Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. | |||
| CVE-2022-29892 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||
| CVE-2022-29513 | 0.00 | — | 0.00 | Jul 4, 2022 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | |||
| CVE-2022-29484 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | |||
| CVE-2022-29471 | 0.00 | — | 0.01 | Jul 4, 2022 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | |||
| CVE-2022-29467 | 0.00 | — | 0.01 | Jul 4, 2022 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | |||
| CVE-2022-28718 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. | |||
| CVE-2022-28713 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | |||
| CVE-2022-28692 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. | |||
| CVE-2022-27807 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. | |||
| CVE-2022-27803 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. |
- CVE-2024-31403Jun 11, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
- CVE-2024-31401Jun 11, 2024risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
- CVE-2024-31400Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
- CVE-2023-27304May 23, 2023risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
- CVE-2023-26595May 23, 2023risk 0.00cvss —epss 0.01
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
- CVE-2023-27384May 23, 2023risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
- CVE-2022-31472Jul 11, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
- CVE-2022-30943Jul 11, 2022risk 0.00cvss —epss 0.01
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
- CVE-2022-30602Jul 11, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
- CVE-2022-29512Jul 11, 2022risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
- CVE-2022-29892Jul 4, 2022risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
- CVE-2022-29513Jul 4, 2022risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
- CVE-2022-29484Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
- CVE-2022-29471Jul 4, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
- CVE-2022-29467Jul 4, 2022risk 0.00cvss —epss 0.01
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
- CVE-2022-28718Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
- CVE-2022-28713Jul 4, 2022risk 0.00cvss —epss 0.01
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
- CVE-2022-28692Jul 4, 2022risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
- CVE-2022-27807Jul 4, 2022risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
- CVE-2022-27803Jul 4, 2022risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
Page 4 of 10