Garoon
by Cybozu
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20760 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege. | |||
| CVE-2021-20759 | 0.00 | — | 0.01 | Aug 18, 2021 | Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. | |||
| CVE-2021-20758 | 0.00 | — | 0.00 | Aug 18, 2021 | Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors. | |||
| CVE-2021-20757 | 0.00 | — | 0.01 | Aug 18, 2021 | Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. | |||
| CVE-2021-20756 | 0.00 | — | 0.01 | Aug 18, 2021 | Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege. | |||
| CVE-2021-20755 | 0.00 | — | 0.01 | Aug 18, 2021 | Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege. | |||
| CVE-2021-20754 | 0.00 | — | 0.01 | Aug 18, 2021 | Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege. | |||
| CVE-2021-20753 | 0.00 | — | 0.01 | Aug 18, 2021 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2020-5643 | 0.00 | — | 0.02 | Nov 6, 2020 | Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | |||
| CVE-2020-5588 | 0.00 | — | 0.01 | Jun 30, 2020 | Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5587 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5585 | 0.00 | — | 0.01 | Jun 30, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||
| CVE-2020-5586 | 0.00 | — | 0.01 | Jun 30, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||
| CVE-2020-5583 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors. | |||
| CVE-2020-5584 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5581 | 0.00 | — | 0.02 | Jun 30, 2020 | Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5582 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. | |||
| CVE-2020-5580 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. | |||
| CVE-2020-5568 | 0.00 | — | 0.01 | Apr 28, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | |||
| CVE-2020-5567 | 0.00 | — | 0.01 | Apr 28, 2020 | Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. |
- CVE-2021-20760Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
- CVE-2021-20759Aug 18, 2021risk 0.00cvss —epss 0.01
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
- CVE-2021-20758Aug 18, 2021risk 0.00cvss —epss 0.00
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
- CVE-2021-20757Aug 18, 2021risk 0.00cvss —epss 0.01
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
- CVE-2021-20756Aug 18, 2021risk 0.00cvss —epss 0.01
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
- CVE-2021-20755Aug 18, 2021risk 0.00cvss —epss 0.01
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
- CVE-2021-20754Aug 18, 2021risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
- CVE-2021-20753Aug 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
- CVE-2020-5643Nov 6, 2020risk 0.00cvss —epss 0.02
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
- CVE-2020-5588Jun 30, 2020risk 0.00cvss —epss 0.01
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
- CVE-2020-5587Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5585Jun 30, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
- CVE-2020-5586Jun 30, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
- CVE-2020-5583Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
- CVE-2020-5584Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5581Jun 30, 2020risk 0.00cvss —epss 0.02
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5582Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
- CVE-2020-5580Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
- CVE-2020-5568Apr 28, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
- CVE-2020-5567Apr 28, 2020risk 0.00cvss —epss 0.01
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
Page 6 of 10