Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
Max CVSS
8.1
EPSS Score
0.16%
Published
2022-07-11
Updated
2022-07-15
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
Max CVSS
8.1
EPSS Score
0.16%
Published
2022-07-04
Updated
2022-07-12
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
Max CVSS
8.0
EPSS Score
0.08%
Published
2021-08-18
Updated
2021-08-24
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
Max CVSS
8.1
EPSS Score
0.14%
Published
2020-06-30
Updated
2021-07-21
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
Max CVSS
9.8
EPSS Score
1.27%
Published
2019-05-17
Updated
2020-08-24
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
Max CVSS
8.7
EPSS Score
0.09%
Published
2019-05-17
Updated
2019-05-20
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
Max CVSS
8.1
EPSS Score
0.07%
Published
2018-11-15
Updated
2018-12-14
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.11%
Published
2018-07-26
Updated
2018-09-24
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.11%
Published
2018-04-16
Updated
2018-05-17
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-06-09
Updated
2017-06-13
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.24%
Published
2017-06-09
Updated
2017-06-13
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-04-20
Updated
2017-04-25
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
Max CVSS
8.8
EPSS Score
0.26%
Published
2017-04-20
Updated
2017-04-25
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
Max CVSS
8.1
EPSS Score
0.15%
Published
2016-06-25
Updated
2016-06-27
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
Max CVSS
8.5
EPSS Score
0.29%
Published
2015-10-12
Updated
2015-10-13
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
Max CVSS
8.5
EPSS Score
0.41%
Published
2015-10-12
Updated
2015-10-13
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.57%
Published
2014-07-20
Updated
2014-08-04
17 vulnerabilities found