U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:cybozu:garoon:4.10.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 61 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-27304

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

Published: May 22, 2023; 10:15:09 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-26595

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

Published: May 22, 2023; 10:15:09 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-31472

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

Published: July 10, 2022; 9:15:08 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-30943

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

Published: July 10, 2022; 9:15:07 PM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-30602

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

Published: July 10, 2022; 9:15:07 PM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2022-29512

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

Published: July 10, 2022; 9:15:07 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-29892

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-29513

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2022-29484

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2022-29471

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-29467

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-28718

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-28713

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2022-28692

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-27807

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-27803

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-27661

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-27627

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-26368

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 5.5 MEDIUM
CVE-2022-26054

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

Published: July 04, 2022; 3:15:08 AM -0400
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM