Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | share360 | 1.1 |
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_office | 7 |
| cybozu | cybozu_dotsales | * |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.0.3 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.4 |
| cybozu | office | 6 |
| cybozu | garoon | 2.0.3 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | collaborex | * |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | mailwise | * |
| cybozu | dezie | 1.0 |
| cybozu | garoon | 2.0.2 |
| cybozu | dezie | 5.0 |
| cybozu | garoon | 2.0.0 |
| cybozu | dezie | * |
| cybozu | dezie | 2.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | office | 6 |
| cybozu | garoon | 2.0.3 |
| cybozu | dezie | 4.0 |
| cybozu | garoon | 2.1.3 |
| cybozu | mailwise | 2.0 |
| cybozu | garoon | 2.0.6 |
| cybozu | collaborex | 1.0 |
| cybozu | garoon | 2.0.1 |
| cybozu | mailwise | 1.0 |
| cybozu | mailwise | 2.1 |
| cybozu | dezie | 5.1 |
| cybozu | garoon | 2.0.4 |
| cybozu | dezie | 3.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 6 |
| cybozu | office | 7 |
| cybozu | office | 8 |
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
| cybozu | office | 6 |
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.5.3 |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 2.0.3 |
| cybozu | garoon | 3.5.3 |
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_office | 7 |
| cybozu | cybozu_dezie | 8.0.3 |
| cybozu | cybozu_office | 9.2.1 |
| cybozu | mailwise | 3.0 |
| cybozu | cybozu_dezie | 8.0.0 |
| cybozu | mailwise | 2.0 |
| cybozu | cybozu_dezie | 8.0.2 |
| cybozu | mailwise | * |
| cybozu | cybozu_office | 6 |
| cybozu | cybozu_dezie | 8.0.1 |
| cybozu | cybozu_dezie | 8.0.4 |
| cybozu | mailwise | 1.0 |
| cybozu | mailwise | 2.1 |
| cybozu | cybozu_office | 9 |
| cybozu | cybozu_office | * |
| cybozu | cybozu_dezie | * |
| cybozu | mailwise | 3.0(0.2) |
| cybozu | cybozu_dezie | 8.0.5 |
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_office | 7 |
| cybozu | cybozu_office | 9.2.1 |
| cybozu | cybozu_office | 9 |
| cybozu | cybozu_office | * |
| cybozu | cybozu_office | 6 |
The Cybozu Live application before 2.0.1 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. NOTE: this vulnerability exists because of a CVE-2012-4008 regression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-17,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_live | * |
| cybozu | cybozu_live | 1.0.4 |
The WebView class in the Cybozu Live application before 2.0.1 for Android allows attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. NOTE: this vulnerability exists because of a CVE-2012-4009 regression.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_live | * |
| cybozu | cybozu_live | 1.0.4 |
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_office | * |
Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | 5.0.4 |
| cybozu | mailwise | 5.0.5 |
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.5 |
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | dezie | * |
| cybozu | dezie | 8.0.2 |
| cybozu | dezie | 8.0.4 |
| cybozu | dezie | 8.0.5 |
| cybozu | dezie | 8.0.6 |
| cybozu | dezie | 8.0.1 |
| cybozu | dezie | 8.0.0 |
| cybozu | dezie | 8.0.3 |
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | 3.5.3 |
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | * |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.0 |
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | * |
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.0 |
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 3.5.3 |
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 3.5.3 |
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.5 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 3.1 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 3.0 |
| cybozu | garoon | 2.0.2 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 2.1 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 2.0.5 |
| cybozu | garoon | 2.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 2.0.6 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5 |
| cybozu | garoon | 2.0.1 |
| cybozu | garoon | 2.0 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 2.0.4 |
| cybozu | garoon | 3.5.3 |
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 2.1.1 |
| cybozu | garoon | 2.1.0 |
| cybozu | garoon | 2.1.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 2.5.3 |
| cybozu | garoon | 2.5.4 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 2.5.2 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 2.0.0 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 2.1.3 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 2.5.1 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 2.5.0 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.0 |
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
| cybozu | dezie | * |
| cybozu | office | 9.0 |
| cybozu | mailwise | * |
| cybozu | mailwise | 4.0 |
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.0 |
| cybozu | remote_service_manager | 3.1.1 |
| cybozu | remote_service_manager | 2.3.0 |
| cybozu | remote_service_manager | 3.1.2 |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 4.0.3 |
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.0.0 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.0.0 |
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.9.0 |
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kintone | 1.0.3 |
| cybozu | kintone | 1.0.0 |
| cybozu | kintone | 1.0.4 |
| cybozu | kintone | 1.0.5 |
| cybozu | kintone | 1.0.2 |
| cybozu | kintone | 1.0.1 |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kintone | 1.0.3 |
| cybozu | kintone | 1.0.0 |
| cybozu | kintone | 1.0.4 |
| cybozu | kintone | 1.0.5 |
| cybozu | kintone | 1.0.2 |
| cybozu | kintone | 1.0.1 |
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kunai | 2.1.0 |
| cybozu | kunai | 3.1.0 |
| cybozu | kunai | 3.0._5 |
| cybozu | kunai | 3.0.6 |
| cybozu | kunai | 2.0.3.1 |
| cybozu | kunai | 3.0.2 |
| cybozu | kunai | 3.0.3 |
| cybozu | kunai | 3.1.4 |
| cybozu | kunai | 2.1.1 |
| cybozu | kunai | 3.0.7 |
| cybozu | kunai | 3.1.3 |
| cybozu | kunai | 3.0.4 |
| cybozu | kunai | 3.1.2 |
| cybozu | kunai | 3.1.1 |
| cybozu | kunai | 3.0.0 |
| cybozu | kunai | 2.0.4 |
| cybozu | kunai | 2.0.3 |
| cybozu | kunai | 2.1.2 |
| cybozu | kunai | 3.0.1 |
| cybozu | kunai | 2.1.3 |
| cybozu | kunai | 3.1.5 |
| cybozu | kunai | 2.0.5 |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 4.2.0 |
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 4.0.0 |
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon before 4.2.2 does not properly restrict access.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | 5.0.6 |
| cybozu | mailwise | 5.3.1 |
| cybozu | mailwise | 5.3.2 |
| cybozu | mailwise | 5.0.0 |
| cybozu | mailwise | 5.3.0 |
| cybozu | mailwise | 5.2.0 |
| cybozu | mailwise | 5.1.2 |
| cybozu | mailwise | 5.1.4 |
| cybozu | mailwise | 5.0.1 |
| cybozu | mailwise | 5.1.1 |
| cybozu | mailwise | 5.0.4 |
| cybozu | mailwise | 5.0.5 |
| cybozu | mailwise | 5.1.0 |
| cybozu | mailwise | 5.2.1 |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | 5.0.6 |
| cybozu | mailwise | 5.3.1 |
| cybozu | mailwise | 5.3.2 |
| cybozu | mailwise | 5.0.0 |
| cybozu | mailwise | 5.3.0 |
| cybozu | mailwise | 5.2.0 |
| cybozu | mailwise | 5.1.2 |
| cybozu | mailwise | 5.1.4 |
| cybozu | mailwise | 5.0.1 |
| cybozu | mailwise | 5.1.1 |
| cybozu | mailwise | 5.0.4 |
| cybozu | mailwise | 5.0.5 |
| cybozu | mailwise | 5.1.0 |
| cybozu | mailwise | 5.2.1 |
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | 5.0.6 |
| cybozu | mailwise | 5.3.1 |
| cybozu | mailwise | 5.3.2 |
| cybozu | mailwise | 5.0.0 |
| cybozu | mailwise | 5.3.0 |
| cybozu | mailwise | 5.2.0 |
| cybozu | mailwise | 5.1.2 |
| cybozu | mailwise | 5.1.4 |
| cybozu | mailwise | 5.0.1 |
| cybozu | mailwise | 5.1.1 |
| cybozu | mailwise | 5.0.4 |
| cybozu | mailwise | 5.0.5 |
| cybozu | mailwise | 5.1.0 |
| cybozu | mailwise | 5.2.1 |
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | 5.0.6 |
| cybozu | mailwise | 5.3.1 |
| cybozu | mailwise | 5.3.2 |
| cybozu | mailwise | 5.0.0 |
| cybozu | mailwise | 5.3.0 |
| cybozu | mailwise | 5.2.0 |
| cybozu | mailwise | 5.1.2 |
| cybozu | mailwise | 5.1.4 |
| cybozu | mailwise | 5.0.1 |
| cybozu | mailwise | 5.1.1 |
| cybozu | mailwise | 5.0.4 |
| cybozu | mailwise | 5.0.5 |
| cybozu | mailwise | 5.1.0 |
| cybozu | mailwise | 5.2.1 |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-275,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 9.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 9.3.0 |
| cybozu | office | 9.1.0 |
| cybozu | office | 9.3.1 |
| cybozu | office | 9.2.0 |
| cybozu | office | 9.3.2 |
| cybozu | office | 9.2.1 |
| cybozu | office | 9.9.0 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.0.0 |
| cybozu | remote_service_manager | 3.1.0 |
| cybozu | remote_service_manager | 3.1.3 |
| cybozu | remote_service_manager | 3.1.1 |
| cybozu | remote_service_manager | 3.0.1 |
| cybozu | remote_service_manager | 3.1.2 |
| cybozu | remote_service_manager | 3.1.4 |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kintone | * |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | dezie | 8.0.2 |
| cybozu | dezie | 8.0.4 |
| cybozu | dezie | 8.0.5 |
| cybozu | dezie | 8.0.6 |
| cybozu | dezie | 8.1.0 |
| cybozu | dezie | 8.0.7 |
| cybozu | dezie | 8.1.1 |
| cybozu | dezie | 8.0.3 |
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | dezie | 8.0.2 |
| cybozu | dezie | 8.0.4 |
| cybozu | dezie | 8.0.5 |
| cybozu | dezie | 8.0.6 |
| cybozu | dezie | 8.1.0 |
| cybozu | dezie | 8.0.7 |
| cybozu | dezie | 8.1.1 |
| cybozu | dezie | 8.0.3 |
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.6.1 |
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.5.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.6.0 |
| cybozu | office | 10.0.0 |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
| cybozu | garoon | 4.0.0 |
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kunai | 3.0.5.1 |
| cybozu | kunai | 3.0.4 |
| cybozu | kunai | 3.0.5 |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.5.0 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.4.0 |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.5.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | 10.3.0 |
| cybozu | office | 10.1.2 |
| cybozu | office | 10.2.0 |
| cybozu | office | 10.5.0 |
| cybozu | office | 10.0.2 |
| cybozu | office | 10.1.0 |
| cybozu | office | 10.0.1 |
| cybozu | office | 10.4.0 |
| cybozu | office | 10.0.0 |
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 4.0.0 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kunai | 3.0.0 |
| cybozu | kunai | 3.0.6 |
| cybozu | kunai | 3.0.2 |
| cybozu | kunai | 3.0.5.1 |
| cybozu | kunai | 3.0.3 |
| cybozu | kunai | 3.0.1 |
| cybozu | kunai | 3.0.4 |
| cybozu | kunai | 3.0.5 |
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.5 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 4.2.5 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 4.2.1 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.2.5 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 3.1.2 |
| cybozu | garoon | 4.0.1 |
| cybozu | garoon | 3.7.2 |
| cybozu | garoon | 3.0.0 |
| cybozu | garoon | 4.2.3 |
| cybozu | garoon | 3.1.0 |
| cybozu | garoon | 4.2.0 |
| cybozu | garoon | 3.5.2 |
| cybozu | garoon | 4.0.2 |
| cybozu | garoon | 3.7.4 |
| cybozu | garoon | 3.1.1 |
| cybozu | garoon | 3.7.1 |
| cybozu | garoon | 3.7.3 |
| cybozu | garoon | 4.0.3 |
| cybozu | garoon | 3.0.3 |
| cybozu | garoon | 4.2.1 |
| cybozu | garoon | 3.7.5 |
| cybozu | garoon | 3.5.5 |
| cybozu | garoon | 3.7.0 |
| cybozu | garoon | 4.2.2 |
| cybozu | garoon | 3.5.1 |
| cybozu | garoon | 3.0.1 |
| cybozu | garoon | 3.0.2 |
| cybozu | garoon | 3.1.3 |
| cybozu | garoon | 3.5.4 |
| cybozu | garoon | 4.2.5 |
| cybozu | garoon | 4.2.4 |
| cybozu | garoon | 3.5.3 |
| cybozu | garoon | 3.5.0 |
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 4.2.5 |
| cybozu | garoon | 4.2.4 |
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | * |
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | * |
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | * |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | * |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | dezie | * |
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1021,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | desktop | * |
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-918,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | mailwise | * |
Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kintone | * |
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 5.0.0 |
| cybozu | garoon | 5.0.1 |
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.7 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N | 1.2 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.8 |
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.8 |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.8 |
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.9 |
| cybozu | remote_service_manager | 3.1.8 |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | * |
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | remote_service_manager | 3.1.2 |
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | office | * |
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_remote_service | * |
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | 5.15.0 |
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | cybozu_remote_service | * |
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | kunai | 3.0.20 |
| cybozu | kunai | 3.0.21 |
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cybozu | garoon | * |