Vendor CVEs
Cybozu
All CVEs
332 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20630 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors. | |||
| CVE-2021-20628 | 0.00 | — | 0.01 | Mar 18, 2021 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox. | |||
| CVE-2021-20627 | 0.00 | — | 0.01 | Mar 18, 2021 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20626 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. | |||
| CVE-2021-20625 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. | |||
| CVE-2021-20624 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | |||
| CVE-2020-5643 | 0.00 | — | 0.02 | Nov 6, 2020 | Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | |||
| CVE-2020-5587 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5588 | 0.00 | — | 0.01 | Jun 30, 2020 | Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5585 | 0.00 | — | 0.01 | Jun 30, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||
| CVE-2020-5586 | 0.00 | — | 0.01 | Jun 30, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | |||
| CVE-2020-5583 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors. | |||
| CVE-2020-5584 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5581 | 0.00 | — | 0.02 | Jun 30, 2020 | Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | |||
| CVE-2020-5582 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. | |||
| CVE-2020-5580 | 0.00 | — | 0.01 | Jun 30, 2020 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. | |||
| CVE-2020-5572 | 0.00 | — | 0.00 | May 29, 2020 | Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. | |||
| CVE-2020-5573 | 0.00 | — | 0.00 | May 29, 2020 | Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. | |||
| CVE-2020-5568 | 0.00 | — | 0.01 | Apr 28, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | |||
| CVE-2020-5567 | 0.00 | — | 0.01 | Apr 28, 2020 | Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. | |||
| CVE-2020-5566 | 0.00 | — | 0.01 | Apr 28, 2020 | Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'. | |||
| CVE-2020-5565 | 0.00 | — | 0.01 | Apr 28, 2020 | Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. | |||
| CVE-2020-5564 | 0.00 | — | 0.01 | Apr 28, 2020 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. | |||
| CVE-2020-5563 | 0.00 | — | 0.01 | Apr 28, 2020 | Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API. | |||
| CVE-2020-5562 | 0.00 | — | 0.01 | Apr 28, 2020 | Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | |||
| CVE-2019-6023 | 0.00 | — | 0.01 | Dec 26, 2019 | Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'. | |||
| CVE-2019-6022 | 0.00 | — | 0.02 | Dec 26, 2019 | Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | |||
| CVE-2019-5977 | 0.00 | — | 0.01 | Sep 12, 2019 | Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'. | |||
| CVE-2019-5991 | 0.00 | — | 0.01 | Sep 12, 2019 | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2019-5975 | 0.00 | — | 0.01 | Sep 12, 2019 | DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2019-5978 | 0.00 | — | 0.01 | Sep 12, 2019 | Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | |||
| CVE-2019-5976 | 0.00 | — | 0.01 | Sep 12, 2019 | Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | |||
| CVE-2019-5947 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'. | |||
| CVE-2019-5946 | 0.00 | — | 0.01 | May 17, 2019 | Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. | |||
| CVE-2019-5943 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'. | |||
| CVE-2019-5934 | 0.00 | — | 0.01 | May 17, 2019 | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'. | |||
| CVE-2019-5942 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'. | |||
| CVE-2019-5944 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'. | |||
| CVE-2019-5939 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'. | |||
| CVE-2019-5941 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'. | |||
| CVE-2019-5937 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information. | |||
| CVE-2019-5935 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information. | |||
| CVE-2019-5938 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'. | |||
| CVE-2019-5936 | 0.00 | — | 0.02 | May 17, 2019 | Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'. | |||
| CVE-2019-5945 | 0.00 | — | 0.02 | May 17, 2019 | Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon. | |||
| CVE-2019-5933 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'. | |||
| CVE-2019-5940 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'. | |||
| CVE-2019-5931 | 0.00 | — | 0.01 | May 17, 2019 | Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. | |||
| CVE-2019-5929 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'. | |||
| CVE-2019-5932 | 0.00 | — | 0.01 | May 17, 2019 | Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'. |
- CVE-2021-20630Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
- CVE-2021-20628Mar 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
- CVE-2021-20627Mar 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20626Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
- CVE-2021-20625Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
- CVE-2021-20624Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
- CVE-2020-5643Nov 6, 2020risk 0.00cvss —epss 0.02
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
- CVE-2020-5587Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5588Jun 30, 2020risk 0.00cvss —epss 0.01
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
- CVE-2020-5585Jun 30, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
- CVE-2020-5586Jun 30, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
- CVE-2020-5583Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
- CVE-2020-5584Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5581Jun 30, 2020risk 0.00cvss —epss 0.02
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
- CVE-2020-5582Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
- CVE-2020-5580Jun 30, 2020risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
- CVE-2020-5572May 29, 2020risk 0.00cvss —epss 0.00
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
- CVE-2020-5573May 29, 2020risk 0.00cvss —epss 0.00
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
- CVE-2020-5568Apr 28, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
- CVE-2020-5567Apr 28, 2020risk 0.00cvss —epss 0.01
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
- CVE-2020-5566Apr 28, 2020risk 0.00cvss —epss 0.01
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
- CVE-2020-5565Apr 28, 2020risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
- CVE-2020-5564Apr 28, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
- CVE-2020-5563Apr 28, 2020risk 0.00cvss —epss 0.01
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
- CVE-2020-5562Apr 28, 2020risk 0.00cvss —epss 0.01
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
- CVE-2019-6023Dec 26, 2019risk 0.00cvss —epss 0.01
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
- CVE-2019-6022Dec 26, 2019risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
- CVE-2019-5977Sep 12, 2019risk 0.00cvss —epss 0.01
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
- CVE-2019-5991Sep 12, 2019risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2019-5975Sep 12, 2019risk 0.00cvss —epss 0.01
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2019-5978Sep 12, 2019risk 0.00cvss —epss 0.01
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
- CVE-2019-5976Sep 12, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
- CVE-2019-5947May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
- CVE-2019-5946May 17, 2019risk 0.00cvss —epss 0.01
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
- CVE-2019-5943May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
- CVE-2019-5934May 17, 2019risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
- CVE-2019-5942May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
- CVE-2019-5944May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
- CVE-2019-5939May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
- CVE-2019-5941May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
- CVE-2019-5937May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
- CVE-2019-5935May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
- CVE-2019-5938May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
- CVE-2019-5936May 17, 2019risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
- CVE-2019-5945May 17, 2019risk 0.00cvss —epss 0.02
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
- CVE-2019-5933May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
- CVE-2019-5940May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
- CVE-2019-5931May 17, 2019risk 0.00cvss —epss 0.01
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
- CVE-2019-5929May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
- CVE-2019-5932May 17, 2019risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
Page 5 of 7