) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cybozu:garoon:4.10.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-27304 |
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. Published: May 22, 2023; 10:15:09 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-26595 |
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. Published: May 22, 2023; 10:15:09 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2022-31472 |
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. Published: July 10, 2022; 9:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-30943 |
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. Published: July 10, 2022; 9:15:07 PM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-30602 |
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. Published: July 10, 2022; 9:15:07 PM -0400 |
V3.1: 8.1 HIGH V2.0: 5.5 MEDIUM |
| CVE-2022-29512 |
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. Published: July 10, 2022; 9:15:07 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-29892 |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-29513 |
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-29484 |
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 8.1 HIGH V2.0: 5.5 MEDIUM |
| CVE-2022-29471 |
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-29467 |
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-28718 |
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-28713 |
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2022-28692 |
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-27807 |
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-27803 |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-27661 |
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-27627 |
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-26368 |
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 5.5 MEDIUM |
| CVE-2022-26054 |
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. Published: July 04, 2022; 3:15:08 AM -0400 |
V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |