threat
engine
.sh
Back
·
··:··
Home
/
Product
/
cybozu office
Product
cybozu office
78 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-39817
>= 10.0.0 and < 10.8.7
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can l
6.5
MEDIUM
CVE-2022-33311
>= 10.0.0 and <= 10.8.5
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker t
4.3
MEDIUM
CVE-2022-33151
>= 10.0.0 and <= 10.8.5
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject
6.1
MEDIUM
CVE-2022-32583
>= 10.0.0 and <= 10.8.5
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker t
4.3
MEDIUM
CVE-2022-32544
>= 10.0.0 and <= 10.8.5
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to
4.3
MEDIUM
CVE-2022-32453
>= 10.0.0 and <= 10.8.5
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data
6.5
MEDIUM
CVE-2022-32283
>= 10.0.0 and <= 10.8.5
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obt
4.3
MEDIUM
CVE-2022-30693
>= 10.0.0 and <= 10.8.5
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obt
5.3
MEDIUM
CVE-2022-30604
>= 10.0.0 and <= 10.8.5
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject
6.1
MEDIUM
CVE-2022-29891
>= 10.0.0 and <= 10.8.5
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to o
4.3
MEDIUM
CVE-2022-29487
>= 10.0.0 and <= 10.8.5
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via un
6.1
MEDIUM
CVE-2022-28715
>= 10.0.0 and <= 10.8.5
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject
6.1
MEDIUM
CVE-2022-25986
>= 10.0.0 and <= 10.8.5
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to o
4.3
MEDIUM
CVE-2021-20634
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass acc
4.3
MEDIUM
CVE-2021-20633
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access
4.3
MEDIUM
CVE-2021-20632
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass
4.3
MEDIUM
CVE-2021-20631
>= 10.0.0 and <= 10.8.4
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the
6.5
MEDIUM
CVE-2021-20630
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass
4.3
MEDIUM
CVE-2021-20629
>= 10.0.0 and <= 10.8.4
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary scri
6.1
MEDIUM
CVE-2021-20628
>= 10.0.0 and <= 10.8.4
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrar
6.1
MEDIUM
CVE-2021-20627
>= 10.0.0 and <= 10.8.4
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrar
6.1
MEDIUM
CVE-2021-20626
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass acces
6.5
MEDIUM
CVE-2021-20625
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypa
4.3
MEDIUM
CVE-2021-20624
>= 10.0.0 and <= 10.8.4
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass ac
6.5
MEDIUM
CVE-2019-6023
>= 10.0.0 and <= 10.8.3
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining da
4.3
MEDIUM
CVE-2019-6022
>= 10.0.0 and <= 10.8.3
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files
6.5
MEDIUM
CVE-2018-0704
>= 10.0.0 and <= 10.8.1
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai S
7.5
HIGH
CVE-2018-0703
>= 10.0.0 and <= 10.8.1
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP req
7.5
HIGH
CVE-2018-0567
>= 10.0.0 and <= 10.8.0
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via
6.3
MEDIUM
CVE-2018-0566
> 10.0.0 and <= 10.8.0
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access priv
4.3
MEDIUM
CVE-2018-0565
>= 10.0.0 and <= 10.8.0
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTM
6.1
MEDIUM
CVE-2018-0529
>= 10.0.0 and <= 10.7.0
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
4.3
MEDIUM
CVE-2018-0528
>= 10.0.0 and <= 10.7.0
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitte
4.3
MEDIUM
CVE-2018-0527
>= 10.0.0 and <= 10.7.0
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTM
6.1
MEDIUM
CVE-2018-0526
>= 10.0.0 and <= 10.7.0
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
4.3
MEDIUM
CVE-2017-10857
all versions
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabin
4.3
MEDIUM
CVE-2017-2116
all versions
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates
4.3
MEDIUM
CVE-2017-2115
all versions
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" informatio
4.3
MEDIUM
CVE-2017-2114
all versions
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web
5.4
MEDIUM
CVE-2016-4874
all versions
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
3.5
LOW
CVE-2016-4873
all versions
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
4.3
MEDIUM
CVE-2016-4872
all versions
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorize
4.3
MEDIUM
CVE-2016-4871
all versions
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
6.5
MEDIUM
CVE-2016-4870
all versions
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web
5.4
MEDIUM
CVE-2016-4869
all versions
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are
6.5
MEDIUM
CVE-2016-4868
all versions
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to
4.3
MEDIUM
CVE-2016-4867
all versions
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project info
4.3
MEDIUM
CVE-2016-4866
all versions
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary
4.8
MEDIUM
CVE-2016-4865
all versions
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary
4.8
MEDIUM
CVE-2016-1153
all versions
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vec
6.5
MEDIUM
CVE-2016-1152
all versions
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to
5.4
MEDIUM
CVE-2016-1151
all versions
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack
8.8
HIGH
CVE-2016-1150
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2016-1149
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2015-8489
all versions
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database
6.5
MEDIUM
CVE-2015-8488
all versions
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-
4.3
MEDIUM
CVE-2015-8487
all versions
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerabilit
4.3
MEDIUM
CVE-2015-8486
all versions
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary rep
5.4
MEDIUM
CVE-2015-8485
all versions
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary pos
5.4
MEDIUM
CVE-2015-8484
all versions
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecif
5.4
MEDIUM
CVE-2015-8483
all versions
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web site
7.4
HIGH
CVE-2015-7798
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2015-7797
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2015-7796
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2015-7795
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web scr
6.1
MEDIUM
CVE-2014-5314
<= 10.0.2
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote aut
CVE-2013-4703
<= 9.3.0
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attacke
CVE-2013-3656
<= 9.1.0
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by lever
CVE-2013-3269
<= 8
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hija
CVE-2013-2305
<= 8
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and
CVE-2011-2677
<= 7
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive informati
CVE-2011-1335
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web
CVE-2011-1334
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu Ma
CVE-2011-1333
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to injec
CVE-2010-2029
all versions
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authe
CVE-2008-6744
all versions
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through
CVE-2006-4492
all versions
Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, incl
CVE-2006-4490
<= 6.6_build_1.2
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin