CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cybozu : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-5991 89 Exec Code Sql 2019-09-12 2019-09-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
2 CVE-2019-5978 601 2019-09-12 2019-09-13
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
3 CVE-2019-5977 74 2019-09-12 2019-09-13
4.0
None Remote Low Single system None Partial None
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
4 CVE-2019-5976 20 DoS 2019-09-12 2019-09-13
4.0
None Remote Low Single system None None Partial
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
5 CVE-2019-5975 74 XSS 2019-09-12 2019-09-13
3.5
None Remote Medium Single system None Partial None
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
6 CVE-2019-5947 79 XSS 2019-05-17 2019-05-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
7 CVE-2019-5946 601 2019-05-17 2019-05-20
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
8 CVE-2019-5945 255 +Info 2019-05-17 2019-05-20
5.0
None Remote Low Not required Partial None None
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
9 CVE-2019-5944 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system None Partial None
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
10 CVE-2019-5943 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
11 CVE-2019-5942 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
12 CVE-2019-5941 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system None Partial None
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
13 CVE-2019-5940 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
14 CVE-2019-5939 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
15 CVE-2019-5938 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
16 CVE-2019-5937 79 XSS 2019-05-17 2019-05-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
17 CVE-2019-5936 22 Dir. Trav. 2019-05-17 2019-05-20
5.5
None Remote Low Single system Partial Partial None
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
18 CVE-2019-5935 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system None Partial None
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
19 CVE-2019-5934 89 Exec Code Sql 2019-05-17 2019-05-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
20 CVE-2019-5933 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
21 CVE-2019-5932 79 XSS 2019-05-17 2019-05-17
3.5
None Remote Medium Single system None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
22 CVE-2019-5931 20 2019-05-17 2019-05-20
5.5
None Remote Low Single system None Partial Partial
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
23 CVE-2019-5930 284 Bypass 2019-05-17 2019-05-20
4.0
None Remote Low Single system Partial None None
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
24 CVE-2019-5929 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
25 CVE-2019-5928 79 XSS 2019-05-17 2019-05-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
26 CVE-2018-16178 284 Bypass 2019-01-09 2019-10-02
5.0
None Remote Low Not required Partial None None
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
27 CVE-2018-16172 20 2019-01-09 2019-01-14
5.8
None Remote Medium Not required None Partial Partial
Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.
28 CVE-2018-16171 22 Exec Code Dir. Trav. 2019-01-09 2019-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.
29 CVE-2018-16170 22 Dir. Trav. 2019-01-09 2019-01-14
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.
30 CVE-2018-16169 434 Exec Code 2019-01-09 2019-01-14
6.5
None Remote Low Single system Partial Partial Partial
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.
31 CVE-2018-0705 22 Dir. Trav. 2019-01-09 2019-01-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
32 CVE-2018-0704 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
33 CVE-2018-0703 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
34 CVE-2018-0702 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
Total number of vulnerabilities : 34   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.