cybozu garoon

198 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-22888
>= 5.0.0 and < 6.0.3
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal sett
7.5HIGH
CVE-2026-22881
>= 5.15.0 and < 6.0.3
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to res
5.4MEDIUM
CVE-2026-20711
>= 5.0.0 and < 6.0.3
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset
6.1MEDIUM
CVE-2024-39457
>= 6.0.0 and < 6.0.2
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an
5.4MEDIUM
CVE-2024-31402
>= 5.0.0 and <= 5.15.2
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data o
4.3MEDIUM
CVE-2024-31399
>= 5.0.0 and <= 5.15.2
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is expl
6.5MEDIUM
CVE-2024-31398
>= 5.0.0 and <= 5.15.2
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploite
4.3MEDIUM
CVE-2024-31397
>= 5.0.0 and < 5.15.2
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who ca
4.9MEDIUM
CVE-2024-31404
>= 5.5.0 and < 6.0.1
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log
4.3MEDIUM
CVE-2024-31403
>= 5.5.0 and < 6.0.1
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtai
5.4MEDIUM
CVE-2024-31401
>= 5.5.0 and < 6.0.0
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative
9.0CRITICAL
CVE-2024-31400
>= 5.5.0 and < 6.0.0
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploite
6.5MEDIUM
CVE-2023-27384
all versions
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter
4.3MEDIUM
CVE-2023-27304
>= 4.6.0 and <= 5.9.2
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated a
4.3MEDIUM
CVE-2023-26595
>= 4.10.0 and <= 5.9.2
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause
6.5MEDIUM
CVE-2022-31472
>= 4.0.0 and <= 5.5.1
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtai
4.3MEDIUM
CVE-2022-30943
>= 4.0.0 and <= 5.9.1
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to ob
4.3MEDIUM
CVE-2022-30602
>= 4.0.0 and <= 5.9.1
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to al
8.1HIGH
CVE-2022-29512
>= 4.0.0 and <= 5.9.1
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a
6.5MEDIUM
CVE-2022-29892
>= 4.0.0 and <= 5.5.1
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeate
6.5MEDIUM
CVE-2022-29513
>= 4.10.0 and <= 5.5.1
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an ad
4.8MEDIUM
CVE-2022-29484
>= 4.0.0 and <= 5.9.0
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to dele
8.1HIGH
CVE-2022-29471
>= 4.6.0 and <= 5.9.0
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of
4.3MEDIUM
CVE-2022-29467
>= 4.2.0 and <= 5.5.1
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some
4.3MEDIUM
CVE-2022-28718
>= 4.0.0 and <= 5.5.1
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to al
4.3MEDIUM
CVE-2022-28713
>= 4.10.0 and <= 5.5.1
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data o
5.3MEDIUM
CVE-2022-28692
>= 4.0.0 and <= 5.5.1
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alt
4.3MEDIUM
CVE-2022-27807
>= 4.0.0 and <= 5.5.1
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable
4.3MEDIUM
CVE-2022-27803
>= 4.0.0 and <= 5.5.1
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter t
4.3MEDIUM
CVE-2022-27661
>= 4.0.0 and <= 5.5.1
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to a
4.3MEDIUM
CVE-2022-27627
>= 4.10.2 and <= 5.5.1
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to exec
6.1MEDIUM
CVE-2022-26368
>= 4.0.0 and <= 5.5.1
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remot
5.4MEDIUM
CVE-2022-26054
>= 4.0.0 and <= 5.5.1
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter
4.3MEDIUM
CVE-2022-26051
>= 4.0.0 and <= 5.5.1
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alt
4.3MEDIUM
CVE-2021-20775
>= 4.10.0 and <= 5.5.0
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obt
4.3MEDIUM
CVE-2021-20774
>= 4.0.0 and <= 5.5.0
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attac
5.4MEDIUM
CVE-2021-20773
>= 4.0.0 and <= 5.5.0
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete th
4.3MEDIUM
CVE-2021-20772
>= 4.10.0 and <= 5.5.0
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain
4.3MEDIUM
CVE-2021-20771
>= 4.0.0 and <= 5.5.0
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject
6.1MEDIUM
CVE-2021-20770
>= 4.6.0 and <= 5.0.2
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an
5.4MEDIUM
CVE-2021-20769
>= 4.6.0 and <= 5.0.2
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an
5.4MEDIUM
CVE-2021-20768
>= 4.0.0 and <= 5.0.2
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authent
4.3MEDIUM
CVE-2021-20767
>= 4.0.0 and <= 5.0.2
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to i
5.4MEDIUM
CVE-2021-20766
>= 4.0.0 and <= 5.0.2
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary scri
6.1MEDIUM
CVE-2021-20765
>= 4.0.0 and <= 5.0.2
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary scr
6.1MEDIUM
CVE-2021-20764
>= 4.0.0 and <= 5.0.2
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the d
5.3MEDIUM
CVE-2021-20763
>= 4.0.0 and <= 5.0.2
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to
4.3MEDIUM
CVE-2021-20762
>= 4.0.0 and <= 5.0.2
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data
4.3MEDIUM
CVE-2021-20761
>= 4.0.0 and <= 5.0.2
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative
2.7LOW
CVE-2021-20760
>= 4.0.0 and <= 5.0.2
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to
4.3MEDIUM
CVE-2021-20759
>= 4.6.0 and <= 5.0.2
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker t
4.3MEDIUM
CVE-2021-20758
>= 4.0.0 and <= 5.0.2
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker
8.0HIGH
CVE-2021-20757
>= 4.0.0 and <= 5.0.2
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to
4.3MEDIUM
CVE-2021-20756
>= 4.0.0 and <= 5.0.2
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obt
4.3MEDIUM
CVE-2021-20755
>= 4.0.0 and <= 5.0.2
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obta
4.3MEDIUM
CVE-2021-20754
>= 4.0.0 and <= 5.0.2
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alte
4.3MEDIUM
CVE-2021-20753
>= 4.0.0 and <= 5.0.2
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject a
5.4MEDIUM
CVE-2020-5643
>= 5.0.0 and <= 5.0.2
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data
6.5MEDIUM
CVE-2020-5588
all versions
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended inform
4.9MEDIUM
CVE-2020-5587
>= 4.0.0 and <= 5.0.1
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
6.5MEDIUM
CVE-2020-5586
>= 4.10.3 and <= 5.0.1
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitra
4.8MEDIUM
CVE-2020-5585
>= 5.0.0 and <= 5.0.1
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrar
4.8MEDIUM
CVE-2020-5584
>= 4.0.0 and <= 5.0.1
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
7.5HIGH
CVE-2020-5583
>= 4.0.0 and <= 5.0.1
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Repor
6.5MEDIUM
CVE-2020-5582
>= 4.0.0 and <= 5.0.1
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file att
4.3MEDIUM
CVE-2020-5581
>= 4.0.0 and <= 5.0.1
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended informatio
6.5MEDIUM
CVE-2020-5580
>= 4.0.0 and <= 5.0.1
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-o
8.1HIGH
CVE-2020-5568
>= 4.6.0 and <= 5.0.0
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2020-5567
>= 4.0.0 and <= 4.10.3
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
7.5HIGH
CVE-2020-5566
>= 4.0.0 and <= 4.10.3
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the applicati
4.3MEDIUM
CVE-2020-5565
>= 4.0.0 and <= 4.10.3
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the appli
4.3MEDIUM
CVE-2020-5564
>= 4.0.0 and <= 4.10.3
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2020-5563
>= 4.0.0 and <= 4.10.3
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected prod
5.3MEDIUM
CVE-2020-5562
>= 4.6.0 and <= 4.6.3
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative p
4.9MEDIUM
CVE-2019-5991
>= 4.0.0 and <= 4.10.3
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL co
7.6HIGH
CVE-2019-5978
>= 4.0.0 and <= 4.10.2
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and
6.1MEDIUM
CVE-2019-5977
>= 4.0.0 and <= 4.10.2
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail head
4.3MEDIUM
CVE-2019-5976
>= 4.0.0 and <= 4.10.2
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified
4.9MEDIUM
CVE-2019-5975
>= 4.6.0 and <= 4.10.2
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbi
5.4MEDIUM
CVE-2019-5947
>= 4.6.0 and <= 4.10.1
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web
5.4MEDIUM
CVE-2019-5946
>= 4.2.4 and <= 4.10.1
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and
6.1MEDIUM
CVE-2019-5945
>= 4.2.4 and <= 4.10.1
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu
9.8CRITICAL
CVE-2019-5944
>= 4.0.0 and <= 4.10.1
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application
4.3MEDIUM
CVE-2019-5943
>= 4.0.0 and <= 4.10.1
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without v
4.3MEDIUM
CVE-2019-5942
>= 4.0.0 and <= 4.10.1
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access pr
4.3MEDIUM
CVE-2019-5941
>= 4.0.0 and <= 4.10.1
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access p
4.3MEDIUM
CVE-2019-5940
>= 4.0.0 and <= 4.10.1
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2019-5939
>= 4.0.0 and <= 4.10.1
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2019-5938
>= 4.0.0 and <= 4.10.1
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2019-5937
>= 4.0.0 and <= 4.10.1
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web
5.4MEDIUM
CVE-2019-5936
>= 4.0.0 and <= 4.10.1
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without a
5.4MEDIUM
CVE-2019-5935
>= 4.0.0 and <= 4.10.1
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information withou
4.3MEDIUM
CVE-2019-5934
>= 4.0.0 and <= 4.10.0
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQ
7.2HIGH
CVE-2019-5933
>= 4.0.0 and <= 4.10.0
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board withou
4.3MEDIUM
CVE-2019-5932
>= 4.6.0 and <= 4.6.3
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web s
4.8MEDIUM
CVE-2019-5931
>= 4.0.0 and <= 4.6.3
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via un
8.7HIGH
CVE-2019-5930
>= 4.0.0 and <= 4.6.3
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application
4.3MEDIUM
CVE-2019-5929
>= 4.0.0 and <= 4.6.3
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2019-5928
>= 4.0.0 and <= 4.6.3
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2018-16178
>= 3.0.0 and <= 4.10.0
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-o
7.5HIGH
CVE-2018-0673
>= 3.5.0 and <= 4.6.3
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspe
8.1HIGH
CVE-2018-0607
>= 3.5.0 and <= 4.6.2
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attac
8.8HIGH
CVE-2018-0551
>= 3.0.0 and <= 4.6.1
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web s
5.4MEDIUM
CVE-2018-0550
>= 3.5.0 and <= 4.6.1
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabin
4.3MEDIUM
CVE-2018-0549
>= 3.0.0 and <= 4.6.0
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web s
5.4MEDIUM
CVE-2018-0548
>= 4.0.0 and <= 4.6.0
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space
4.3MEDIUM
CVE-2018-0533
>= 3.0.0 and <= 4.2.6
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session a
4.9MEDIUM
CVE-2018-0532
>= 3.0.0 and <= 4.2.6
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Stand
2.7LOW
CVE-2018-0531
>= 3.0.0 and <= 4.2.6
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privile
4.3MEDIUM
CVE-2018-0530
>= 3.5.0 and <= 4.2.6
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL com
8.8HIGH
CVE-2017-2258
all versions
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "
4.3MEDIUM
CVE-2017-2257
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via m
6.1MEDIUM
CVE-2017-2256
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "
5.4MEDIUM
CVE-2017-2255
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "
5.4MEDIUM
CVE-2017-2254
all versions
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially
4.9MEDIUM
CVE-2017-2146
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML
4.8MEDIUM
CVE-2017-2145
all versions
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspeci
5.4MEDIUM
CVE-2017-2144
all versions
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
5.4MEDIUM
CVE-2016-7803
all versions
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL com
8.8HIGH
CVE-2016-7802
all versions
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files vi
6.5MEDIUM
CVE-2016-7801
all versions
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified v
4.3MEDIUM
CVE-2016-4910
all versions
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational admini
4.3MEDIUM
CVE-2016-4909
all versions
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authenticati
4.3MEDIUM
CVE-2016-4908
all versions
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's
4.3MEDIUM
CVE-2016-4907
all versions
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
8.8HIGH
CVE-2016-4906
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML
6.1MEDIUM
CVE-2017-2095
all versions
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an
4.3MEDIUM
CVE-2017-2094
all versions
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport"
4.3MEDIUM
CVE-2017-2093
all versions
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
4.3MEDIUM
CVE-2017-2092
all versions
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web s
5.4MEDIUM
CVE-2017-2091
all versions
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alte
4.3MEDIUM
CVE-2016-1194
all versions
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
6.5MEDIUM
CVE-2016-1220
<= 4.2.1
Cybozu Garoon before 4.2.2 does not properly restrict access.
4.3MEDIUM
CVE-2016-1218
<= 4.2.1
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
8.8HIGH
CVE-2016-1217
<= 4.2.1
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
6.1MEDIUM
CVE-2016-1216
<= 4.2.1
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
6.1MEDIUM
CVE-2016-1215
<= 4.2.1
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
6.1MEDIUM
CVE-2016-1214
<= 4.2.1
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
6.1MEDIUM
CVE-2016-1213
<= 4.2.1
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
6.1MEDIUM
CVE-2016-1219
<= 4.2.1
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
9.8CRITICAL
CVE-2016-1193
all versions
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
7.5HIGH
CVE-2016-1190
all versions
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspeci
6.5MEDIUM
CVE-2016-1189
all versions
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or
8.1HIGH
CVE-2016-1188
all versions
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
6.5MEDIUM
CVE-2016-1196
all versions
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensiti
4.3MEDIUM
CVE-2016-1192
all versions
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users
4.3MEDIUM
CVE-2016-1191
all versions
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modif
5.3MEDIUM
CVE-2015-7776
all versions
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attack
4.3MEDIUM
CVE-2016-1197
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script
6.1MEDIUM
CVE-2016-1195
all versions
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web s
7.4HIGH
CVE-2015-7775
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script o
5.4MEDIUM
CVE-2015-5647
all versions
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arb
CVE-2015-5646
all versions
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecif
CVE-2015-5649
all versions
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users
CVE-2014-1996
all versions
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code
CVE-2014-1995
all versions
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote
CVE-2014-1994
all versions
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenti
CVE-2014-1993
all versions
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access res
CVE-2014-1992
all versions
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 all
CVE-2014-1987
all versions
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vec
CVE-2014-1989
all versions
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule inf
CVE-2014-1988
all versions
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (
CVE-2014-0821
all versions
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authe
CVE-2014-0820
all versions
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote
CVE-2014-0817
all versions
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users
CVE-2013-6931
all versions
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary
CVE-2013-6930
all versions
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0
CVE-2013-6929
<= 3.7
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL comman
CVE-2013-6006
all versions
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
CVE-2013-6916
<= 3.7
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explore
CVE-2013-6915
<= 3.7
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authen
CVE-2013-6914
<= 3.7
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users t
CVE-2013-6913
<= 3.7
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allo
CVE-2013-6912
<= 3.7
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9
CVE-2013-6911
<= 3.7
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or
CVE-2013-6910
<= 3.5
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitr
CVE-2013-6909
<= 3.5
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arb
CVE-2013-6908
all versions
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject a
CVE-2013-6907
<= 3.5
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to
CVE-2013-6906
<= 3.5
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is
CVE-2013-6905
<= 3.5
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is
CVE-2013-6904
<= 3.5
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is u
CVE-2013-6903
<= 3.5
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox
CVE-2013-6902
<= 3.5
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arb
CVE-2013-6901
<= 3.5
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote
CVE-2013-6900
<= 3.5
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attack
CVE-2013-6004
<= 3.7
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vector
CVE-2013-6003
all versions
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authen
CVE-2013-6002
<= 3.7
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified
CVE-2013-6001
<= 3.7
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arb
CVE-2013-0702
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web scri
CVE-2013-0701
all versions
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL comman
CVE-2011-1334
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu Ma
CVE-2011-1333
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to injec
CVE-2011-1332
all versions
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web scri
CVE-2008-6570
all versions
Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject
CVE-2008-6569
all versions
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session
CVE-2006-4444
all versions
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQ
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin