Vendor
Cybozu
Cybozu, Inc. is a Tokyo-based software company that provides web-based groupware services including Cybozu Office and kintone. In addition to the main office in Tokyo, Cybozu also has offices in Matsuyama and Osaka, as well as several overseas subsidiaries in countries including Vietnam, China, Australia and the United States. The U.S.-based subsidiary, kintone Corporation, is located in San Francisco, California.
- Founded: 1997
- Products: 15
- CVEs: 143
- Across products: 2,232
- Status: Private
Products
15
- 1,709 CVEs
- 346 CVEs
- 71 CVEs
- 40 CVEs
- 24 CVEs
- 13 CVEs
- 13 CVEs
- 6 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
143

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1219 | Cri | 0.64 | 9.8 | 0.04 | | Apr 20, 2017 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2016-7803 | Hig | 0.57 | 8.8 | 0.01 | | Jun 9, 2017 | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. |
| CVE-2016-4907 | Hig | 0.57 | 8.8 | 0.00 | | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| CVE-2016-1218 | Hig | 0.57 | 8.8 | 0.01 | | Apr 20, 2017 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1151 | Hig | 0.57 | 8.8 | 0.00 | | Feb 17, 2016 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2016-1189 | Hig | 0.53 | 8.1 | 0.00 | | Jun 25, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
| CVE-2016-1193 | Hig | 0.49 | 7.5 | 0.00 | | Jun 25, 2016 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
| CVE-2016-1187 | Med | 0.44 | 6.8 | 0.00 | | Apr 21, 2017 | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. |
| CVE-2016-7802 | Med | 0.43 | 6.5 | 0.04 | | Jun 9, 2017 | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-4843 | Med | 0.42 | 6.5 | 0.01 | | Apr 20, 2017 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. |
| CVE-2016-4871 | Med | 0.42 | 6.5 | 0.02 | | Apr 17, 2017 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. |
| CVE-2016-4869 | Med | 0.42 | 6.5 | 0.01 | | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. |
| CVE-2016-1190 | Med | 0.42 | 6.5 | 0.00 | | Jun 25, 2016 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
| CVE-2016-1188 | Med | 0.42 | 6.5 | 0.00 | | Jun 25, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. |
| CVE-2016-1153 | Med | 0.42 | 6.5 | 0.01 | | Feb 17, 2016 | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. |
| CVE-2015-8489 | Med | 0.42 | 6.5 | 0.01 | | Feb 17, 2016 | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. |
| CVE-2017-2257 | Med | 0.40 | 6.1 | 0.00 | | Aug 29, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. |
| CVE-2017-2172 | Med | 0.40 | 6.1 | 0.00 | | Jul 7, 2017 | Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-4906 | Med | 0.40 | 6.1 | 0.00 | | Jun 9, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. |
| CVE-2016-1217 | Med | 0.40 | 6.1 | 0.00 | | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |