Vulnerabilites related to cybozu - garoon
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de visualizaci\u00f3n en Address de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto obtener los datos de Address sin el privilegio de visualizaci\u00f3n."
}
],
"id": "CVE-2021-20756",
"lastModified": "2024-11-21T05:47:08.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.680",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35495/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35495/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos inyectar scripts web o HTML a trav\u00e9s de la aplicaci\u00f3n \u0027Portal\u0027."
}
],
"id": "CVE-2019-5939",
"lastModified": "2024-11-21T04:45:46.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.597",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35495/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35495/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:59
Severity ?
Summary
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA04760-CB1F-4D1A-99A7-3D52E8496B7A",
"versionEndIncluding": "5.9.0",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de la restricci\u00f3n de navegaci\u00f3n en Bulletin de Cybozu Garoon permite a un atacante remoto autenticado obtener los datos de Bulletin"
}
],
"id": "CVE-2022-29471",
"lastModified": "2024-11-21T06:59:08.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.677",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:53
Severity ?
Summary
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de navegaci\u00f3n y omisi\u00f3n de restricciones de operaci\u00f3n en Cabinet de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar y/u obtener los datos de Cabinet"
}
],
"id": "CVE-2022-26368",
"lastModified": "2024-11-21T06:53:50.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.283",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9326 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9326 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "982DD94E-E453-4D83-AE3D-A7CE42B95C39",
"versionEndIncluding": "4.2.6",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Cybozu Garoon, de la versi\u00f3n 3.5.0 a la 4.2.6, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0530",
"lastModified": "2024-11-21T03:38:25.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.217",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funcionalidad de descarga en Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0820",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-27T01:55:03.540",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN26393529/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/65815"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN26393529/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7994"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en el componente de administraci\u00f3n del sistema en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6900",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:30.353",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6153"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-25 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a usuarios remotos autenticados eludir las restricciones destinadas a la lectura, creaci\u00f3n o modificaci\u00f3n de un portlet a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1189",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-25T21:59:01.407",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9020"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "704AA480-2A78-49A2-9B56-AD8124FFC440",
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad en Workflow de Cybozu Garoon versiones 4.0.0 hasta 5.5.0, que puede permitir a un atacante autenticado remoto eliminar la informaci\u00f3n de la ruta de Workflow sin el privilegio apropiado."
}
],
"id": "CVE-2021-20773",
"lastModified": "2024-11-21T05:47:09.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.387",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Una vulnerabilidad diferente de CVE-2008-6570."
}
],
"id": "CVE-2011-1332",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-29T17:55:01.720",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN59779256/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN59779256/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 06:15
Modified
2025-03-28 21:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC3451-9DBB-4D52-9E03-CC2AE1F53513",
"versionEndIncluding": "5.15.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en Cybozu Garoon 5.0.0 a 5.15.2 permite a un atacante autenticado remoto eliminar los datos de tareas pendientes compartidas."
}
],
"id": "CVE-2024-31402",
"lastModified": "2025-03-28T21:15:16.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T06:15:10.650",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Bulletin of Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20765",
"lastModified": "2024-11-21T05:47:09.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.053",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en componentes Ajax en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6910",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.370",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6434"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-31 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en el lector RSS en Cybozu Garoon v2.0.0 hasta v2.1.3, lo que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s de una entrada RSS manipulada."
}
],
"id": "CVE-2008-6570",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-31T17:30:00.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN52363223/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46565"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30871"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/english/advisory/99_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN52363223/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/english/advisory/99_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43426"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-23 02:15
Modified
2025-01-17 18:15
Severity ?
Summary
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41CE2921-5B1C-4DDC-B543-9E39F81183F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport."
}
],
"id": "CVE-2023-27384",
"lastModified": "2025-01-17T18:15:20.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-23T02:15:09.437",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94973 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97911 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN15222211/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9459 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94973 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97911 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN15222211/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9459 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos secuestrar la identificaci\u00f3n de un usuario que ha iniciado sesi\u00f3n para forzar un cierre de sesi\u00f3n por medio de vectores no especificados."
}
],
"id": "CVE-2016-4909",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.297",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN32218514/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/8987 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN32218514/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/8987 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2016-1195",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T15:59:01.227",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN32218514/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN32218514/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8987"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 05:15
Modified
2025-05-28 20:09
Severity ?
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E90C267-4D46-4007-8BF2-ABDA5820813D",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo."
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n incorrecta en Cybozu Garoon 5.0.0 a 6.0.0 permite a un atacante autenticado remoto alterar y/u obtener los datos de Memo."
}
],
"id": "CVE-2024-31403",
"lastModified": "2025-05-28T20:09:49.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T05:15:53.397",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Message de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20766",
"lastModified": "2024-11-21T05:47:09.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.097",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36116/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36116/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027E-mail\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de la aplicaci\u00f3n \"E-mail\"."
}
],
"id": "CVE-2020-5564",
"lastModified": "2024-11-21T05:34:16.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.557",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36116/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36116/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en E-mail de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante remoto con un privilegio administrativo alterar los datos de E-mail sin el privilegio apropiado."
}
],
"id": "CVE-2021-20761",
"lastModified": "2024-11-21T05:47:08.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.890",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en User Profile de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto alterar los datos de User Profile sin el privilegio apropiado."
}
],
"id": "CVE-2021-20760",
"lastModified": "2024-11-21T05:47:08.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.850",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "704AA480-2A78-49A2-9B56-AD8124FFC440",
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting en algunas funciones de E-Mail de Cybozu Garoon desde la versi\u00f3n 4.0.0 a la 5.5.0 permite a un atacante remoto inyectar un script arbitrario a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2021-20771",
"lastModified": "2024-11-21T05:47:09.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.307",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.0 no restringe adecuadamente la carga de elementos IMG, lo que facilita a atacantes remotos rastrear usuarios a trav\u00e9s de un mensaje de e-mail HTML manipulado, una vulnerabilidad diferente a CVE-2016-1196."
}
],
"id": "CVE-2015-7776",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T20:59:01.190",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN53542912/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8757"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8897"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8951"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN53542912/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8982"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35485/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35485/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados eludir el Access Restriction para obtener archivos sin privilegios de acceso por medio de la funci\u00f3n Multiple Files Download de la aplicaci\u00f3n \u0027Cabinet\u0027."
}
],
"id": "CVE-2019-5942",
"lastModified": "2024-11-21T04:45:47.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.847",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35485/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35485/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36432/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36432/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36B08A81-B2F1-4045-9F12-38A2869A3848",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Cybozu Garoon versiones 5.0.0 hasta 5.0.1, permite a un atacante con derechos de administrador inyectar un script arbitrario por medio de vectores no especificados"
}
],
"id": "CVE-2020-5585",
"lastModified": "2024-11-21T05:34:18.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:11.007",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36432/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36432/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN83568336/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92600 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9414 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN83568336/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92600 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9414 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon before 4.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Cybozu Garoon en versiones anteriores a 4.2.2."
}
],
"id": "CVE-2016-1218",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.500",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN83568336/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92600"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN83568336/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92600"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9414"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-25 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a usuarios remotos autenticados enviar mensajes de correo electr\u00f3nico suplantados a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1188",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-25T21:59:00.140",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8845"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-12 17:15
Modified
2024-11-21 04:45
Severity ?
Summary
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN71877187/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35975 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN71877187/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35975 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a atacantes autenticados remotos ejecutar comandos SQL arbitrarios por medio de vectores no especificados."
}
],
"id": "CVE-2019-5991",
"lastModified": "2024-11-21T04:45:52.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T17:15:14.063",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN71877187/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN71877187/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35975"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "840B6B7E-3894-42FE-9703-9F58E3E1C343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6 y Cybozu Garoon v2.0.0 hasta v2.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con \"la descarga de archivos gr\u00e1ficos desde el panel de sistema de boletines\""
}
],
"id": "CVE-2011-1333",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-29T17:55:02.817",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN80877328/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45063"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.osvdb.org/73327"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN80877328/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48446"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 05:15
Modified
2025-08-05 15:30
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D99372-8B06-4254-AE73-F124E4F098F7",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting en Cybozu Garoon 5.0.0 a 5.15.2 permite a un atacante remoto autenticado con privilegios administrativos inyectar un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto."
}
],
"id": "CVE-2024-31401",
"lastModified": "2025-08-05T15:30:18.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T05:15:53.320",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9751 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9751 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 | |
| cybozu | garoon | 4.2.4 | |
| cybozu | garoon | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F71558-BFBC-4D43-AAF8-7DEB7AE2F29D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu\u0027s edit function via specially crafted input"
},
{
"lang": "es",
"value": "Cybozu Garoon en las versiones 3.5.0 a 4.2.5 permite que un atacante provoque una denegaci\u00f3n de servicio en la funci\u00f3n edit del men\u00fa de la aplicaci\u00f3n mediante una entrada especialmente manipulada."
}
],
"id": "CVE-2017-2254",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.593",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-31 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cybozu Garoon v2.0.0 a la v2.1.3, permite a atacantes remotos secuestrar sesiones web a trav\u00e9s del ID de sesi\u00f3n en la p\u00e1gina de login."
}
],
"id": "CVE-2008-6569",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-31T17:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46564"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30871"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36304 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36304 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8587ED1B-4105-41AE-9B30-C5E37CE98261",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo server-side request forgery (SSRF) en Cybozu Garoon versiones 4.6.0 hasta 4.6.3, permite a un atacante remoto con privilegios administrativos emitir peticiones HTTP arbitrarias hacia otros servidores web por medio de la funci\u00f3n V-CUBE Meeting."
}
],
"id": "CVE-2020-5562",
"lastModified": "2024-11-21T05:34:16.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.417",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36304"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-23 02:15
Modified
2025-01-17 18:15
Severity ?
Summary
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27D3DFBC-BF78-4542-9A30-DBAD59ECC223",
"versionEndIncluding": "5.9.2",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin."
}
],
"id": "CVE-2023-27304",
"lastModified": "2025-01-17T18:15:20.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-23T02:15:09.397",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34283/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34283/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25167AB9-13BA-4AC2-83E4-D9C76A0D0A3B",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes autenticados alterar la informaci\u00f3n con privilegios invocando el Installer por medio de vectores no especificados."
}
],
"id": "CVE-2019-5931",
"lastModified": "2024-11-21T04:45:46.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.877",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34283/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34283/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:53
Severity ?
Summary
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de operaci\u00f3n en Link de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Link"
}
],
"id": "CVE-2022-26054",
"lastModified": "2024-11-21T06:53:21.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.233",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Scheduler de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20753",
"lastModified": "2024-11-21T05:47:07.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.467",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35489/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35489/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application \u0027Multi Report\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotos eludir el Access Restriction, alterando el Informe sin privilegios de acceso por medio de la aplicaci\u00f3n \u0027Multi Report\u0027."
}
],
"id": "CVE-2019-5941",
"lastModified": "2024-11-21T04:45:47.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.750",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35489/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35489/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones operativas en Portal de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto obtener los datos de Portal sin el privilegio apropiado."
}
],
"id": "CVE-2021-20763",
"lastModified": "2024-11-21T05:47:08.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.970",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cygozu Garoon anteriores a 3.7.2 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6004",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:30.323",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN87729477/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN87729477/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6929"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-29 05:37
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de SQL en la API de Cybozu Garoon 3.7.x anterior a la versi\u00f3n 3.7.3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2013-6929."
}
],
"id": "CVE-2013-6931",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-29T05:37:02.827",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20140127up03.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20140127up03.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7888"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-12 17:15
Modified
2024-11-21 04:45
Severity ?
Summary
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35912 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35912 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB43EFE1-5CE2-4E45-A8A4-2DC826216CE8",
"versionEndIncluding": "4.10.2",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting basada en DOM en Cybozu Garoon versiones 4.6.0 hasta 4.10.2, permite a atacantes autenticados remotos inyectar script web o HTML arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2019-5975",
"lastModified": "2024-11-21T04:45:50.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T17:15:13.657",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35912"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-29 05:37
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de SQL en la implementaci\u00f3n page-navigation de Cybozu Garoon 2.0.0 hasta la versi\u00f3n 2.0.6, 2.1.0 hasta 2.1.3, 2.5.0 hasta la versi\u00f3n 2.5.4, 3.0.0 hasta 3.0.3, 3.5.0 hasta la versi\u00f3n 3.5.5, y 3.7.x anterior a 3.7.3 permite a usuaurios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar, una vulnerabilidad diferente a CVE-2013-6929."
}
],
"id": "CVE-2013-6930",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-29T05:37:02.797",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20140127up02.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20140127up02.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7886"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35484/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35484/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application \u0027Work Flow\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad de tipo Directory traversal en Cybozu Garoon 4.0.0 a 4.10.1 permite que los atacantes autenticados remotos obtengan archivos sin privilegios de acceso a trav\u00e9s de la aplicaci\u00f3n \u0027Work Flow\u0027."
}
],
"id": "CVE-2019-5936",
"lastModified": "2024-11-21T04:45:46.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.313",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35484/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35484/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-08 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x hasta la versi\u00f3n 3.7.5 y 4.x hasta la versi\u00f3n 4.0.3, no maneja correctamente peticiones de autenticaci\u00f3n, lo que permite a usuarios remotos autenticados llevar a cabo ataques de inyecci\u00f3n LDAP y, consecuentemente, eludir las restricciones destinadas al inicio de sesi\u00f3n u obtener informaci\u00f3n sensible mediante el aprovechamiento de ciertos privilegios del grupo administraci\u00f3n."
}
],
"id": "CVE-2015-5649",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 7.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-08T20:59:00.097",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN38369032/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN38369032/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9176"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6914",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.527",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7037"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.7 anterior a SP4 permite a usuarios remotos autenticados evadir las restricciones de acceso, y ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio, a trav\u00e9s de una llamada API."
}
],
"id": "CVE-2014-1996",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-20T11:12:49.667",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN31082531/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN31082531/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9378 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9378 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391BA060-A358-4ADF-8019-39F92C18CD75",
"versionEndIncluding": "4.2.6",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon, de la versi\u00f3n 3.0.0 a la 4.2.6, permite que los atacantes remotos autenticados omitan las restricciones de acceso para alterar datos de configuraci\u00f3n de la base de datos Standard mediante vectores sin especificar."
}
],
"id": "CVE-2018-0532",
"lastModified": "2024-11-21T03:38:25.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.360",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 17:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN89211736/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92598 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9408 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN89211736/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92598 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9408 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use."
},
{
"lang": "es",
"value": "Cybozu Garoon en versiones anteriores a 4.2.2 permite a atacantes remotos eludir la autenticaci\u00f3n de acceso a trav\u00e9s de vectores relacionados con el uso de API."
}
],
"id": "CVE-2016-1219",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T17:59:00.163",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN89211736/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92598"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN89211736/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9408"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN14749391/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN14749391/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la implementaci\u00f3n de inicio de sesi\u00f3n en Cybozu Garoon 3.7 hasta la versi\u00f3n 4.2 permite a usuarios remotos autenticados leer un archivo de registro a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1192",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T20:59:05.863",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36302/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36302/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F1C456-BC9E-49A5-A3AF-412AED23A7AD",
"versionEndIncluding": "5.0.0",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications \u0027Messages\u0027 and \u0027Bulletin Board\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Cybozu Garoon versiones 4.6.0 hasta 5.0.0, permite a atacantes remotos inyectar scripts web o HTML arbitrario por medio de las aplicaciones \"Messages\" y \"Bulletin Board\"."
}
],
"id": "CVE-2020-5568",
"lastModified": "2024-11-21T05:34:17.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.837",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36302/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36302/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 05:15
Modified
2025-05-28 20:09
Severity ?
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E90C267-4D46-4007-8BF2-ABDA5820813D",
"versionEndExcluding": "6.0.1",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.5.0 a 6.0.0, lo que puede permitir que un usuario que pueda iniciar sesi\u00f3n en el producto vea los datos del Programador."
}
],
"id": "CVE-2024-31404",
"lastModified": "2025-05-28T20:09:10.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T05:15:53.463",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de planificaci\u00f3n en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6903",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:36.747",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100571"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6165"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34276/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34276/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8587ED1B-4105-41AE-9B30-C5E37CE98261",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.6.0 a 4.6.3 permite a los atacantes autentificados remotamente inyectar script web o HTML a trav\u00e9s de la aplicaci\u00f3n \u0027Portal\u0027."
}
],
"id": "CVE-2019-5932",
"lastModified": "2024-11-21T04:45:46.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.970",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34276/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34276/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9437 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9437 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users\u0027 To-Dos via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes remotos eludir las restricciones de acceso para borrar los To-Dos de otros usuarios a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2016-7801",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.360",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35494/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35494/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Mail\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de la aplicaci\u00f3n \u0027Mail\u0027."
}
],
"id": "CVE-2019-5938",
"lastModified": "2024-11-21T04:45:46.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.500",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35494/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35494/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34277/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34277/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25167AB9-13BA-4AC2-83E4-D9C76A0D0A3B",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Memo\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes remotos inyectar scripts web o HTML a trav\u00e9s de la aplicaci\u00f3n \u0027Memo\u0027."
}
],
"id": "CVE-2019-5929",
"lastModified": "2024-11-21T04:45:45.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.703",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34277/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34277/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9375 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9375 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391BA060-A358-4ADF-8019-39F92C18CD75",
"versionEndIncluding": "4.2.6",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon, de la versi\u00f3n 3.0.0 a la 4.2.6, permite que los atacantes remotos autenticados omitan las restricciones de acceso para alterar datos de configuraci\u00f3n de la autenticaci\u00f3n de sesi\u00f3n mediante vectores sin especificar."
}
],
"id": "CVE-2018-0533",
"lastModified": "2024-11-21T03:38:25.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.437",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funcionalidad Map Search en Cybozu Garoon 2.x y 3.x anterior a 3.7 SP4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1995",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-20T11:12:49.620",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up02.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN97558950/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up02.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN97558950/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "704AA480-2A78-49A2-9B56-AD8124FFC440",
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo cross-site scripting en algunas funciones de E-mail de Cybozu Garoon versiones 4.0.0 hasta 5.5.0, que permite a un atacante autenticado remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20774",
"lastModified": "2024-11-21T05:47:10.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.430",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de tel\u00e9fono en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6905",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:36.933",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100573"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6195"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:56
Severity ?
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Space de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Space"
}
],
"id": "CVE-2022-27803",
"lastModified": "2024-11-21T06:56:13.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.417",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36455/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36455/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes autenticados remotos omitir una restricci\u00f3n de acceso para alterar los datos del archivo adjunto del Reporte por medio de vectores no especificados"
}
],
"id": "CVE-2020-5582",
"lastModified": "2024-11-21T05:34:18.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:10.723",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36455/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36455/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36393 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36393 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de ruta en Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes autenticados remotos obtener informaci\u00f3n no deseada por medio de vectores no especificados"
}
],
"id": "CVE-2020-5581",
"lastModified": "2024-11-21T05:34:18.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:10.660",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36393"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9222 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9222 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"Response request\" function in Cybozu Garoon before 4.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la funci\u00f3n \"Response request\" en Cybozu Garoon en versiones anteriores a 4.2.2."
}
],
"id": "CVE-2016-1214",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.343",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9222"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 06:15
Modified
2025-03-13 14:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC3451-9DBB-4D52-9E03-CC2AE1F53513",
"versionEndIncluding": "5.15.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.2. Si se explota esta vulnerabilidad, un usuario que pueda iniciar sesi\u00f3n en el producto puede obtener informaci\u00f3n sobre la lista de usuarios."
}
],
"id": "CVE-2024-31398",
"lastModified": "2025-03-13T14:15:25.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T06:15:10.347",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 01:15
Modified
2024-11-21 07:03
Severity ?
Summary
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE7C3F-D3CF-4063-A61E-A140BC55AA4D",
"versionEndIncluding": "5.9.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin."
},
{
"lang": "es",
"value": "La vulnerabilidad en la evasi\u00f3n de las restricciones de navegaci\u00f3n en Bulletin of Cybozu Garoon 4.0.0 a 5.9.1 permite a un atacante remoto autenticado obtener los datos de Bulletin"
}
],
"id": "CVE-2022-30943",
"lastModified": "2024-11-21T07:03:36.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T01:15:07.957",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| mozilla | firefox | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en la funci\u00f3n Space en Cybozu Garoon anteriores a 3.7.0, cuando se utiliza Firefox, permite a atacantes rmotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6901",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:30.400",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100555"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6193"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:56
Severity ?
Summary
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Link de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado deshabilitar add Categories"
}
],
"id": "CVE-2022-27807",
"lastModified": "2024-11-21T06:56:13.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.463",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:57
Severity ?
Summary
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Scheduler de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Scheduler"
}
],
"id": "CVE-2022-28692",
"lastModified": "2024-11-21T06:57:45.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.507",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
"matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en la Yahoo! User Interface Library en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 9 o 10, o Chrome son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6916",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.603",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100554"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7157"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-21 14:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN26298347/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/8983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN26298347/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/8983 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service."
},
{
"lang": "es",
"value": "Cybozu Garoon en versiones anteriores a 4.2.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2016-1194",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-21T14:59:00.290",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN26298347/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN26298347/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8983"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35307/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35307/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9ABD1BF-04EE-45A4-A0A9-8EE5A4332EDB",
"versionEndIncluding": "4.10.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application \u0027Bulletin\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.0 permite a los atacantes remotos autenticados eludir Access Restriction para ver el Bulletin Board sin privilegios de visualizaci\u00f3n por medio de la aplicaci\u00f3n \u0027Bulletin\u0027."
}
],
"id": "CVE-2019-5933",
"lastModified": "2024-11-21T04:45:46.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.063",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35307/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35307/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN33879831/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/8970 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN33879831/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/8970 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a usuarios remotos autenticados eludir restricciones destinadas al acceso y obtener informaci\u00f3n sensible de Address Book a trav\u00e9s de una llamada API, una vulnerabilidad diferente a CVE-2015-7776."
}
],
"id": "CVE-2016-1196",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T20:59:06.940",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN33879831/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN33879831/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8970"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funcionalidad Messages en Cybozu Garoon 3.1.x, 3.5.x y 3.7.x anterior a 3.7 SP4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1992",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-20T11:12:49.493",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN94838679/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN94838679/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:59
Severity ?
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FF8417-DE01-42B5-91AB-53DBFF23A3B2",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Scheduler de Cybozu Garoon versiones 4.10.0 a 5.5.1, permite a un atacante remoto autenticado con un privilegio administrativo ejecutar un script arbitrario"
}
],
"id": "CVE-2022-29513",
"lastModified": "2024-11-21T06:59:14.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.763",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:57
Severity ?
Summary
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FF8417-DE01-42B5-91AB-53DBFF23A3B2",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Scheduler de Cybozu Garoon versiones 4.10.0 a 5.5.1, permite a un atacante remoto obtener algunos datos de Facility Information sin iniciar sesi\u00f3n en el producto"
}
],
"id": "CVE-2022-28713",
"lastModified": "2024-11-21T06:57:47.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.550",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN67266823/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92596 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9221 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN67266823/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92596 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9221 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"Scheduler\" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites."
},
{
"lang": "es",
"value": "La funci\u00f3n \"Scheduler\" en Cybozu Garoon en versiones anteriores a 4.2.2 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios."
}
],
"id": "CVE-2016-1213",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.297",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67266823/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92596"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67266823/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9221"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35487/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35487/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotos omitir el Access Restriction, alterar el contenido de la aplicaci\u00f3n \u0027Address\u00a8sin modificar los privilegios por medio de la aplicaci\u00f3n \u0027Address\u0027."
}
],
"id": "CVE-2019-5944",
"lastModified": "2024-11-21T04:45:47.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:05.017",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35487/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35487/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Broken Link, Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34279/ | Vendor Advisory | |
| nvd@nist.gov | https://jvn.jp/en/jp/JVN58849431/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34279/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25167AB9-13BA-4AC2-83E4-D9C76A0D0A3B",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la funci\u00f3n Customize Item."
}
],
"id": "CVE-2019-5928",
"lastModified": "2024-11-21T04:45:45.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.610",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34279/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN58849431/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34279/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-15 15:29
Modified
2024-11-21 03:38
Severity ?
Summary
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN12583112/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2018/006717.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN12583112/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2018/006717.html | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9E4A549-5262-4D7A-AD27-9F71474D6E24",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en Cybozu Garoon, de la versi\u00f3n 3.5.0 hasta la 4.6.3, permite que un atacante autenticado lea archivos arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0673",
"lastModified": "2024-11-21T03:38:42.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-15T15:29:00.240",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 03:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN57942454/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36725/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN57942454/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36725/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "518F809F-12DB-4CDB-A9EC-42A5ACF892E6",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector."
},
{
"lang": "es",
"value": "La vulnerabilidad de validaci\u00f3n de entrada inapropiada en Cybozu Garoon versi\u00f3n 5.0.0 hasta 5.0.2, permite a un atacante autenticado remoto eliminar algunos datos del tablero de anuncios por medio de un vector no especificado"
}
],
"id": "CVE-2020-5643",
"lastModified": "2024-11-21T05:34:24.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T03:15:17.233",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36725/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36725/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10211 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10211 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EDCBDC-0ECD-47EF-8B3A-A6489090D5FF",
"versionEndIncluding": "4.6.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Garoon, de la versi\u00f3n 3.0.0 a la 4.6.1, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0551",
"lastModified": "2024-11-21T03:38:27.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.687",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en la funci\u00f3n Space en Cybozu Garoon anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6902",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:30.433",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/5838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/5838"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:56
Severity ?
Summary
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de operaci\u00f3n en Workflow de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Workflow"
}
],
"id": "CVE-2022-27661",
"lastModified": "2024-11-21T06:56:07.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.377",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de correo en Cybozu Garoon 3.x anteriores a 3.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6908",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.183",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/5870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/5870"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-12 17:15
Modified
2024-11-21 04:45
Severity ?
Summary
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35916 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35916 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E9FE9-31D5-4E63-A064-5D985039876C",
"versionEndIncluding": "4.10.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application \u0027Scheduler\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redireccionamiento abierto en Cybozu Garoon versi\u00f3n 4.0.0 hasta 4.10.2, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y realizar ataques de phishing por medio de la aplicaci\u00f3n \"Scheduler\"."
}
],
"id": "CVE-2019-5978",
"lastModified": "2024-11-21T04:45:50.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T17:15:13.860",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35916"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html | VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9223 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9223 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"User details\" function in Cybozu Garoon before 4.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la funci\u00f3n \"User details\" en Cybozu Garoon en versiones anteriores a 4.2.2."
}
],
"id": "CVE-2016-1215",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.373",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9461 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9461 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators\u0027 MultiReport filters via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes identificados remotos omitir la restricci\u00f3n de acceso para eliminar los filtros MultiReport de otros administradores operativos por medio de vectores no especificados."
}
],
"id": "CVE-2016-4910",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.330",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94965 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN13218253/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9441 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94965 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN13218253/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9441 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos obtener tokens CSRF por medio de vectores no especificados."
}
],
"id": "CVE-2016-4907",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.250",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de visualizaci\u00f3n en Portal de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto obtener los datos de Portal sin el privilegio de visualizaci\u00f3n."
}
],
"id": "CVE-2021-20755",
"lastModified": "2024-11-21T05:47:08.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.633",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:59
Severity ?
Summary
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9617EF9E-E35E-4D92-A2B1-42655A9D0551",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de direcciones en Cybozu Garoon versiones 4.2.0 a 5.5.1, permite a un atacante remoto autenticado obtener algunos datos de Address"
}
],
"id": "CVE-2022-29467",
"lastModified": "2024-11-21T06:59:08.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.633",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "El componente CGI en Cybozu Garoon 3.1.0 hasta 3.7 SP3 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1987",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-20T11:12:49.447",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140421news01.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN42024228/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140421news01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN42024228/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 01:15
Modified
2024-11-21 07:04
Severity ?
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de la restricci\u00f3n de navegaci\u00f3n en Cabinet de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado obtener los datos de Cabinet"
}
],
"id": "CVE-2022-31472",
"lastModified": "2024-11-21T07:04:31.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T01:15:08.000",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9349 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9349 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "391BA060-A358-4ADF-8019-39F92C18CD75",
"versionEndIncluding": "4.2.6",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon, de la versi\u00f3n 3.0.0 a la 4.2.6, permite que los atacantes remotos autenticados omitan las restricciones de acceso para ver o alterar un privilegio de acceso de una carpeta y/u opciones de configuraci\u00f3n mediante vectores sin especificar."
}
],
"id": "CVE-2018-0531",
"lastModified": "2024-11-21T03:38:25.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.297",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-28 04:53
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "0EC985BE-8338-4A9C-8197-F0245B617042",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Cybozu Garoon 3.7 SP2 y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de la entrada de la API dise\u00f1ada."
}
],
"id": "CVE-2013-6929",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-28T04:53:06.693",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN60997973/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN60997973/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7889"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-25 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.7 hasta la versi\u00f3n 4.2 permite a atacantes remotos obtener informaci\u00f3n sensible de la lectura de correo electr\u00f3nico a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1193",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-25T21:59:03.563",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN25765762/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN25765762/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8919"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.7 | |
| microsoft | internet_explorer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de b\u00fasqueda de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer es utilizado, permite a ususario autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6913",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.497",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100559"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6928"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-12 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866."
},
{
"lang": "es",
"value": "El componente RSS Reader en Cybozy Garoon 3.x hasta la versi\u00f3n 3.7.5 y 4.x hasta la versi\u00f3n 4.0.3 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como CyVDB-866."
}
],
"id": "CVE-2015-5647",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-12T10:59:08.053",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8810"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en E-mail de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un usuario atacante autenticado alterar los datos de E-mail sin el privilegio apropiado."
}
],
"id": "CVE-2021-20762",
"lastModified": "2024-11-21T05:47:08.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.930",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 01:15
Modified
2024-11-21 07:03
Severity ?
Summary
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE7C3F-D3CF-4063-A61E-A140BC55AA4D",
"versionEndIncluding": "5.9.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files."
},
{
"lang": "es",
"value": "Una omisi\u00f3n de la restricci\u00f3n de operaci\u00f3n en m\u00faltiples aplicaciones de Cybozu Garoon versiones 4.0.0 hasta 5.9.1, permite a un atacante remoto autenticado alterar la informaci\u00f3n de los archivos y/o eliminarlos"
}
],
"id": "CVE-2022-30602",
"lastModified": "2024-11-21T07:03:00.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T01:15:07.913",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE134DC-A711-4EC2-8DDF-DB48E586666E",
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Bulletin de Cybozu Garoon versiones 4.10.0 hasta 5.5.0, permite a un atacante autenticado remoto obtener el t\u00edtulo de Bulletin sin el privilegio de visualizaci\u00f3n."
}
],
"id": "CVE-2021-20772",
"lastModified": "2024-11-21T05:47:09.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.347",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN25385698/index.html | Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35265 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN25385698/index.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35265 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E957E207-2668-4E01-B431-6E6E9AA81580",
"versionEndIncluding": "4.10.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function."
},
{
"lang": "es",
"value": "Cybozu Garoon, desde la versi\u00f3n 3.0.0 hasta la 4.10.0, permite que atacantes remotos omitan las restricciones de acceso para ver informaci\u00f3n disponible solo para un usuario \"sign-on\" mediante la funci\u00f3n Single sign-on."
}
],
"id": "CVE-2018-16178",
"lastModified": "2024-11-21T03:52:13.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:03.717",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35265"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35490/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35490/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Scheduler\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-site scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos inyectar un script web o HTML arbitrario a trav\u00e9s de la aplicaci\u00f3n \u0027Scheduler\u0027."
}
],
"id": "CVE-2019-5940",
"lastModified": "2024-11-21T04:45:47.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.673",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35490/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35490/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de notas en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer o Firefox son utilizados, permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6904",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:36.853",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100572"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100572"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6395"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35488/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35488/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F771FEE4-9964-4F3B-A845-F143268C74A5",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users\u0027 credential information via the authentication of Cybozu Garoon."
},
{
"lang": "es",
"value": "Cybozu Garoon versi\u00f3n 4.2.4 hasta 4.10.1, permite a los atacantes remotos obtener la informaci\u00f3n de credenciales de usuarios por medio de la autenticaci\u00f3n de Cybozu Garoon."
}
],
"id": "CVE-2019-5945",
"lastModified": "2024-11-21T04:45:47.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:05.097",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35488/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35488/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36119/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36119/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application\u0027s data via the applications \u0027Workflow\u0027 and \u0027MultiReport\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada inapropiada en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a un atacante autentificado remoto alterar los datos de la aplicaci\u00f3n por medio de las aplicaciones \"Workflow\" y \"MultiReport\"."
}
],
"id": "CVE-2020-5565",
"lastModified": "2024-11-21T05:34:16.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.620",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36119/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36119/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el portlet Notices en Cybozu Garoon 2.x y 3.x anterior a 3.7 SP4 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1994",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-20T11:12:49.587",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN80583739/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN80583739/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:57
Severity ?
Summary
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de operaci\u00f3n en Bulletin de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Bulletin"
}
],
"id": "CVE-2022-28718",
"lastModified": "2024-11-21T06:57:47.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.590",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad de descarga en Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2013-6930 y CVE-2013-6931."
}
],
"id": "CVE-2014-0821",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-27T01:55:03.570",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/65809"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7993"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-23 02:15
Modified
2025-01-28 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2023/007698.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN41694426/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F182E21-51F6-4C84-8914-6DF1919A4478",
"versionEndIncluding": "5.9.2",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition."
}
],
"id": "CVE-2023-26595",
"lastModified": "2025-01-28T19:15:11.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-23T02:15:09.353",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32CA25F7-E8B5-47B0-8C38-0132843CA071",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Bulletin de Cybozu Garoon versiones 4.6.0 hasta 5.0.2, permite a un atacante autenticado remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20769",
"lastModified": "2024-11-21T05:47:09.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.227",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36118/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36118/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a atacantes remotos obtener datos en el producto afectado por medio de la API."
}
],
"id": "CVE-2020-5563",
"lastModified": "2024-11-21T05:34:16.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.493",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36118/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36118/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:59
Severity ?
Summary
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39603415-4A73-4DB7-B872-AEFC61EBA053",
"versionEndIncluding": "5.9.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de la restricci\u00f3n de operaci\u00f3n en Space de Cybozu Garoon versiones 4.0.0 a 5.9.0, permite a un atacante remoto autenticado borrar los datos de Space"
}
],
"id": "CVE-2022-29484",
"lastModified": "2024-11-21T06:59:10.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.720",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:56
Severity ?
Summary
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E776CBC-EE24-4EF6-87F7-CCF15F84CA2F",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Organization\u0027s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Organization\u0027s Information de Cybozu Garoon versiones 4.10.2 a 5.5.1, permite a un atacante remoto ejecutar un script arbitrario en el navegador web del usuario conectado"
}
],
"id": "CVE-2022-27627",
"lastModified": "2024-11-21T06:56:03.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.330",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Workflow de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto alterar los datos de Workflow sin el privilegio apropiado."
}
],
"id": "CVE-2021-20754",
"lastModified": "2024-11-21T05:47:08.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.587",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN37121456/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9303 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN37121456/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9303 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cybozu Garoon 4.x en versiones anteriores a 4.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML manipulados a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7775."
}
],
"id": "CVE-2016-1197",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T15:59:02.210",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN37121456/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN37121456/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9303"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10058 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10058 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5202C0-D9AE-4D12-95E1-B595C90043C7",
"versionEndIncluding": "4.6.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en Cybozu Garoon, de la versi\u00f3n 3.0.0 a la 4.6.0, permite que atacantes remotos autenticados inyecte scripts web o HTML arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0549",
"lastModified": "2024-11-21T03:38:27.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.563",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones operativas en Scheduler y MultiReport de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto eliminar los datos de Scheduler y MultiReport sin el privilegio apropiado."
}
],
"id": "CVE-2021-20768",
"lastModified": "2024-11-21T05:47:09.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35486/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35486/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application \u0027Bulletin\u0027 and the application \u0027Cabinet\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados omitir el Access Restriction para ver la informaci\u00f3n sin privilegios de visualizaci\u00f3n a trav\u00e9s de la aplicaci\u00f3n \u0027Bulletin y la aplicaci\u00f3n \u0027cabinet\u0027."
}
],
"id": "CVE-2019-5943",
"lastModified": "2024-11-21T04:45:47.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.923",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35486/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35486/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN49285177/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/8893 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN49285177/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/8893 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cybozu Garoon 4.0.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1197."
}
],
"id": "CVE-2015-7775",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T15:59:00.117",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN49285177/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN49285177/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8893"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35497/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35497/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes remotos autenticados eludir el Access Restriction para cambiar la informaci\u00f3n del usuario sin privilegios de acceso por medio de la funci\u00f3n Item de la informaci\u00f3n de usuario."
}
],
"id": "CVE-2019-5935",
"lastModified": "2024-11-21T04:45:46.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.237",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35497/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35497/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:53
Severity ?
Summary
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones de operaci\u00f3n en Portal de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado alterar los datos de Portal"
}
],
"id": "CVE-2022-26051",
"lastModified": "2024-11-21T06:53:21.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:07.623",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35492/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35492/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F771FEE4-9964-4F3B-A845-F143268C74A5",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen."
},
{
"lang": "es",
"value": "La vulnerabilidad de redireccionamiento abierto en Cybozu Garoon 4.2.4 a 4.10.1 permite a los atacantes remotos redirigir a los usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de el Login Screen."
}
],
"id": "CVE-2019-5946",
"lastModified": "2024-11-21T04:45:47.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:05.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35492/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35492/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-08-29 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0_for_windows:*:*:*:*:*:*:*",
"matchCriteriaId": "7FC29CFF-9C2D-4743-9B11-5075BA99565C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Cybozu Garoon 2.1.0 para Windows permiten a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n mediante el (1) par\u00e1metro tid en la funcionalidad (a) todo/view (tambi\u00e9n conocido como TODO List View), (b) todo/modify (tambi\u00e9n conocido como TODO List Modify), o (c) todo/delete; el (2) par\u00e1metro pid en la funcionalidad (d) workflow/view o (e) workflow/print; el (3) par\u00e1metro uid en la funcionalidad (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, o (i) schedule/view; el (4) par\u00e1metro cid en (j) todo/index; el (5) par\u00e1metro iid en la funcionalidad (k) memo/view o (l) memo/print; o el (6) par\u00e1metro event en la funcionalidad (m) schedule/view."
}
],
"id": "CVE-2006-4444",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-29T23:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21664"
},
{
"source": "cve@mitre.org",
"url": "http://vuln.sg/cybozugaroon-en.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28361"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28362"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28363"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28364"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28365"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28366"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/19731"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3399"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://vuln.sg/cybozugaroon-en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/19731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28594"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-19 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN14749391/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078 | Vendor Advisory | |
| vultures@jpcert.or.jp | https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN14749391/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n Files en Cybozu Garoon 3.x y 4.x en versiones anteriores a 4.2.1 permite a atacantes remotos modificar ajustes a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1191",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-19T20:59:04.893",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon before 4.2.2 does not properly restrict access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN93411577/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92599 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9407 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN93411577/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92599 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9407 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.2 does not properly restrict access."
},
{
"lang": "es",
"value": "Cybozu Garoon en versiones anteriores a 4.2.2 no restringe correctamente el acceso."
}
],
"id": "CVE-2016-1220",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.530",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN93411577/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92599"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN93411577/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9407"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35306/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35306/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9ABD1BF-04EE-45A4-A0A9-8EE5A4332EDB",
"versionEndIncluding": "4.10.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application \u0027logging\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n SQL en Cybozu Garoon 4.0.0 a 4.10.0 permite al atacante con privilegios de administrador ejecutar comandos SQL arbitrarios por medio de la funci\u00f3n Log Search de la aplicaci\u00f3n \u0027logging\u0027."
}
],
"id": "CVE-2019-5934",
"lastModified": "2024-11-21T04:45:46.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.157",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35306/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35306/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de administraci\u00f3n del sistema en Cybozu Garoon anteriores a 3.7.2 permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6915",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.573",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6896"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/34227/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/34227/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25167AB9-13BA-4AC2-83E4-D9C76A0D0A3B",
"versionEndIncluding": "4.6.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application \u0027Management of Basic System\u0027."
},
{
"lang": "es",
"value": "Cybozu Garoon 4.0.0 a 4.6.3 permite a los atacantes remotos eludir el Access Restriction para navegar por p\u00e1ginas no autorizadas a trav\u00e9s de la aplicaci\u00f3n \u0027Management of Basic System\u0027."
}
],
"id": "CVE-2019-5930",
"lastModified": "2024-11-21T04:45:45.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:03.783",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34227/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/34227/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-04 07:15
Modified
2024-11-21 06:59
Severity ?
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007429.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN73897863/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC9FD14-88A3-4BF4-81D5-C34EF2FDBAA9",
"versionEndIncluding": "5.5.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Space de Cybozu Garoon versiones 4.0.0 a 5.5.1, permite a un atacante remoto autenticado mostrar repetidamente errores en determinadas funciones y causar una denegaci\u00f3n de servicio (DoS)"
}
],
"id": "CVE-2022-29892",
"lastModified": "2024-11-21T06:59:55.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-04T07:15:08.807",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32CA25F7-E8B5-47B0-8C38-0132843CA071",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Message de Cybozu Garoon versiones 4.6.0 hasta 5.0.2, permite a un atacante autenticado remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20770",
"lastModified": "2024-11-21T05:47:09.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.267",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D831C28-C285-47A4-9BA7-7966DEF14E4D",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
},
{
"lang": "es",
"value": "El servidor en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes remotos causar denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6002",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-05T12:55:30.260",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN94245330/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN94245330/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6571"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36453/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36453/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBC63B6-BCBB-419C-8864-01B1E6DB2EAA",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.10.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting en Cybozu Garoon versiones 4.10.3 hasta 5.0.1, permite a un atacante con derechos de administrador inyectar script arbitrarios por medio de vectores no especificados"
}
],
"id": "CVE-2020-5586",
"lastModified": "2024-11-21T05:34:19.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:11.083",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36453/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36453/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-12 17:15
Modified
2024-11-21 04:45
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35913 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35913 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E9FE9-31D5-4E63-A064-5D985039876C",
"versionEndIncluding": "4.10.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 4.10.2, permite a un atacante con derechos administrativos causar una condici\u00f3n de denegaci\u00f3n de servicio por medio de vectores no especificados."
}
],
"id": "CVE-2019-5976",
"lastModified": "2024-11-21T04:45:50.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T17:15:13.717",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35913"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Message de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto secuestrar la autenticaci\u00f3n de los administradores y llevar a cabo una operaci\u00f3n arbitraria por medio de vectores no especificados."
}
],
"id": "CVE-2021-20758",
"lastModified": "2024-11-21T05:47:08.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.767",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-26 17:29
Modified
2024-11-21 03:38
Severity ?
Summary
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN13415512/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/33120/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN13415512/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/33120/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19478CF4-931E-4536-BA68-B56DA69CE7EE",
"versionEndIncluding": "4.6.2",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL la aplicaci\u00f3n Notifications en Cybozu Garoon, de la versi\u00f3n 3.5.0 a la 4.6.2, permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-0607",
"lastModified": "2024-11-21T03:38:34.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-26T17:29:00.457",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/33120/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/33120/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/10056 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/10056 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9CF07C-EF11-43CB-8E33-F7DEA8067D64",
"versionEndIncluding": "4.6.1",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Cabinet\" via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon, de la versi\u00f3n 3.5.0 a la 4.6.1, permite que los atacantes remotos autenticados omitan las restricciones de acceso para ver el t\u00edtulo cerrado de \"Space\" mediante vectores sin especificar."
}
],
"id": "CVE-2018-0550",
"lastModified": "2024-11-21T03:38:27.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.640",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-29 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | office | 6 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | dezie | * | |
| cybozu | dezie | 1.0 | |
| cybozu | dezie | 2.0 | |
| cybozu | dezie | 3.0 | |
| cybozu | dezie | 4.0 | |
| cybozu | dezie | 5.0 | |
| cybozu | dezie | 5.1 | |
| cybozu | mailwise | * | |
| cybozu | mailwise | 1.0 | |
| cybozu | mailwise | 2.0 | |
| cybozu | mailwise | 2.1 | |
| cybozu | collaborex | * | |
| cybozu | collaborex | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:office:6:*:*:*:*:*:*:*",
"matchCriteriaId": "840B6B7E-3894-42FE-9703-9F58E3E1C343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:dezie:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A008D879-B6CC-4B4E-AC09-2EE95C766C97",
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF84B9B-33F4-4AC2-BD73-75F534C2C44F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "215F885A-9E88-4A1A-9DC2-D3F0C49D5EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "485DBA87-EC8A-42B7-A733-75DCC80D582F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8402C259-A94C-4565-8966-A7EBC6309D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FB82E3-EA14-4A4A-949A-FCB0FDF53933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:dezie:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E63153C-484C-408A-B147-BB25D93F3B19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:mailwise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B063F64-8A73-4D16-B6CB-FC832CAA91F2",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51929894-F74C-4F8D-A12F-73CBA4FED396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE25F18D-2317-4646-A00A-D627E3BF3868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:mailwise:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A28D9F5-6A27-42B5-8640-8560D68D930E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:collaborex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1271BA9-9FD3-444C-B36F-68B4C0AA3189",
"versionEndIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:collaborex:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A910D1FE-CBF2-4AF5-B322-A1B87E53D75F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Cybozu Office v6, Cybozu Garoon v2.0.0 hasta v2.1.3, Cybozu Dezie antes de v6.1, Cybozu MailWise antes de v3.1, y Cybozu Collaborex antes de v1.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con \"la descarga de archivos gr\u00e1ficos desde el sistema de correo\"."
}
],
"id": "CVE-2011-1334",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-06-29T17:55:02.877",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45043"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.osvdb.org/73317"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48446"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9647 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9647 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto obtener tokens utilizados por la protecci\u00f3n CSRF a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2093",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:00.467",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9746 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9746 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 | |
| cybozu | garoon | 4.2.4 | |
| cybozu | garoon | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F71558-BFBC-4D43-AAF8-7DEB7AE2F29D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Space\"."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ruta de b\u00fasqueda no confiable en el instalador en Synology Cloud Station Backup anterior a la versi\u00f3n 4.2.5-4396 en Windows, permiten a los atacantes locales ejecutar c\u00f3digo arbitrario y conducir ataques de secuestro de DLL mediante un archivo de tipo caballo de Troya en las bibliotecas (1) shfolder.dll, (2) ntmarta.dll , (3) secur32.dll o (4) dwmapi.dll, en el directorio de trabajo actual."
}
],
"id": "CVE-2017-2255",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.627",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.7 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 8 | |
| microsoft | internet_explorer | 9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*",
"matchCriteriaId": "C043EDDD-41BF-4718-BDCF-158BBBDB6360",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de calendario en Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer 6 a 9 son utilizados, permite a usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6912",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.447",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100560"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100560"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6927"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36408/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36408/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report\u0027s data via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes autenticados remotos omitir una restricci\u00f3n de acceso para obtener datos de Multi-Report no autorizados por medio de vectores no especificados"
}
],
"id": "CVE-2020-5583",
"lastModified": "2024-11-21T05:34:18.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:10.817",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36408/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36408/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94974 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN17980240/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9447 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94974 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN17980240/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9447 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via \"MultiReport\" function."
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n de SQL en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de la funci\u00f3n \"MultiReport\"."
}
],
"id": "CVE-2016-7803",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.423",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-25 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.1 hasta la versi\u00f3n 4.2 permite a usuarios remotos autenticados eludir las restricciones destinadas a la lectura de MultiReport a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1190",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-25T21:59:02.593",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8877"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D831C28-C285-47A4-9BA7-7966DEF14E4D",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n Space en Cybozu Garoon anteriores a 3.7 SP1 permite a atacantes autenticados remotamente ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6001",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-05T12:55:30.230",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN82375148/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN82375148/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6955"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-02 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors."
},
{
"lang": "es",
"value": "La funcionalidad Phone Messages en Cybozu Garoon 2.0.0 hasta 3.7 SP2 permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1988",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-02T10:55:07.430",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN90519014/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN90519014/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8105"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/97912 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9399 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94966 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97912 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14631222/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9399 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user\u0027s private RSS settings via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes identificados remotos omitir la restricci\u00f3n de acceso para alterar o eliminar la configuraci\u00f3n RSS privada de otro usuario por medio de vectores no especificados."
}
],
"id": "CVE-2016-4908",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.283",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-12 17:15
Modified
2024-11-21 04:45
Severity ?
Summary
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35915 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN62618482/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35915 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E9FE9-31D5-4E63-A064-5D985039876C",
"versionEndIncluding": "4.10.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application \u0027E-Mail\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de encabezado de correo en Cybozu Garoon versiones 4.0.0 hasta 4.10.2, puede permitir a atacantes autenticados remotos alterar el encabezado de correo por medio de la aplicaci\u00f3n \"E-Mail\"."
}
],
"id": "CVE-2019-5977",
"lastModified": "2024-11-21T04:45:50.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-12T17:15:13.780",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35915"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.0.1 | |
| cybozu | garoon | 2.0.2 | |
| cybozu | garoon | 2.0.3 | |
| cybozu | garoon | 2.0.4 | |
| cybozu | garoon | 2.0.5 | |
| cybozu | garoon | 2.0.6 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 2.x hasta 2.5.4 y 3.x hasta 3.7 SP3 no maneja debidamente las sesiones, lo que permite a usuarios remotos autenticados suplantar usuarios arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-0817",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-27T01:55:03.507",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7992"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9846 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9846 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F71558-BFBC-4D43-AAF8-7DEB7AE2F29D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API \"WorkflowHandleApplications\"."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en Cybozu Garoon en las versiones 4.2.4 a 4.2.5 permite que un atacante lea archivos arbitrarios mediante Garoon SOAP API \"WorkflowHandleApplications\"."
}
],
"id": "CVE-2017-2258",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.733",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36409/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36409/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes autenticados remotos obtener informaci\u00f3n no deseada por medio de vectores no especificados"
}
],
"id": "CVE-2020-5587",
"lastModified": "2024-11-21T05:34:19.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:11.147",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36409/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36409/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 05:15
Modified
2025-08-05 15:37
Severity ?
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D99372-8B06-4254-AE73-F124E4F098F7",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
},
{
"lang": "es",
"value": "Existe un problema de inserci\u00f3n de informaci\u00f3n confidencial en los datos enviados en Cybozu Garoon 5.0.0 a 5.15.0. Si se aprovecha esta vulnerabilidad, es posible que se dejen datos no deseados en el correo reenviado."
}
],
"id": "CVE-2024-31400",
"lastModified": "2025-08-05T15:37:51.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T05:15:53.130",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el componente mail de Cybozu Garoon 2.x y 3.x anterior a la versi\u00f3n 3.7.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-6907",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.090",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6166"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36410/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36410/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A7CE06-5AF9-40C8-A4AD-61244DB6772F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8631087E-8682-4D58-BAEB-9D33B00D8ECF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de ruta en Cybozu Garoon versiones 5.0.0 hasta 5.0.1, permite a un atacante con derechos de administrador obtener informaci\u00f3n no deseada por medio de vectores no especificados"
}
],
"id": "CVE-2020-5588",
"lastModified": "2024-11-21T05:34:19.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:11.207",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36410/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36410/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35493/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35493/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61297B3F-396E-42C4-BEC1-041207A7EBC2",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.0.0 a 4.10.1 permite a los atacantes autenticados remotamente inyectar scripts web o HTML a trav\u00e9s de la informaci\u00f3n del usuario."
}
],
"id": "CVE-2019-5937",
"lastModified": "2024-11-21T04:45:46.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:04.407",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35493/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35493/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en Cybozu Garoon 3.1 a 3.5 SP5, cuando se activa el reenv\u00edo de Phone Messages, permite a atacantes autenticados remotamente inyectar cabeceras de email arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6003",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-05T12:55:30.293",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6121"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-14 12:11
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege."
},
{
"lang": "es",
"value": "Vulnerabilidad que permite la inyecci\u00f3n de c\u00f3digo SQL en Cybozu Garoon v2.5 hasta 3.5.3 que permite a usuarios autenticados ejecutar c\u00f3digo arbitrario SQL para elevar privilegios."
}
],
"id": "CVE-2013-0701",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-14T12:11:30.777",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20130125up02.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN07629635/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20130125up02.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN07629635/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-14 12:11
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348C389E-ADFD-4D2C-AA54-220664EA2755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48F3F19B-25A7-4E9E-9961-1F7C8DBC0327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0E10-87A4-4862-A873-A943F44A9862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C88D773E-B6DE-4FD2-A911-0D13C6CA902C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C846A750-F26E-4F1F-85A3-F95BCC9F8A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E139B6A-2F36-4EB5-BA1F-84D67C89E935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad ante la ejecuci\u00f3n de secuencias de comandos en sitios cruzados de Cybozu Garoon v2.0.0 hasta v3.5.3 permite a atacantes remotos inyectar web script o html arbitrarios por vectores sin especificar."
}
],
"id": "CVE-2013-0702",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-02-14T12:11:30.827",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130125up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN95863326/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/20130125up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN95863326/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting en Full Text Search de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto inyectar un script arbitrario por medio de vectores no especificados."
}
],
"id": "CVE-2021-20767",
"lastModified": "2024-11-21T05:47:09.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.147",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-19 09:15
Modified
2025-03-19 21:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86C99C88-076E-4108-8D3A-E0117B948240",
"versionEndExcluding": "6.0.2",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."
},
{
"lang": "es",
"value": " Cybozu Garoon 6.0.0 a 6.0.1 contiene una vulnerabilidad de Cross Site Scripting en la vista previa de PDF. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web de un usuario que haya iniciado sesi\u00f3n."
}
],
"id": "CVE-2024-39457",
"lastModified": "2025-03-19T21:15:36.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T09:15:05.343",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN74825766/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN74825766/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9695 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9695 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en Cybozu Garoon desde las versiones 4.0.0 hasta las 4.2.4 permite que atacantes remotos realicen operaciones arbitrarias mediante vectores sin especificar."
}
],
"id": "CVE-2017-2145",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:00.227",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE134DC-A711-4EC2-8DDF-DB48E586666E",
"versionEndIncluding": "5.5.0",
"versionStartIncluding": "4.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Bulletin de Cybozu Garoon versiones 4.10.0 hasta 5.5.0, permite a un atacante autenticado remoto obtener los datos de Comentario y Espacio sin el privilegio de visualizaci\u00f3n."
}
],
"id": "CVE-2021-20775",
"lastModified": "2024-11-21T05:47:10.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.473",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Attaching Files de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante remoto alterar los datos de Attaching Files."
}
],
"id": "CVE-2021-20764",
"lastModified": "2024-11-21T05:47:09.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:07.010",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-28 04:53
Modified
2025-04-11 00:51
Severity ?
Summary
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request."
},
{
"lang": "es",
"value": "Cybozu Garoon de 3.5 a 3.7 SP2 permite a atacantes remotos evitar la autenticaci\u00f3n Keitai trav\u00e9s de un ID de usuario modificado en una solicitud."
}
],
"id": "CVE-2013-6006",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-28T04:53:06.537",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/7893"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-11 01:15
Modified
2024-11-21 06:59
Severity ?
Summary
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2022/007682.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN14077132/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87EE7C3F-D3CF-4063-A61E-A140BC55AA4D",
"versionEndIncluding": "5.9.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege."
},
{
"lang": "es",
"value": "Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en m\u00faltiples aplicaciones de Cybozu Garoon versiones 4.0.0 hasta 5.9.1, permite a un atacante remoto autenticado obtener los datos sin el privilegio de visualizaci\u00f3n"
}
],
"id": "CVE-2022-29512",
"lastModified": "2024-11-21T06:59:14.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-11T01:15:07.873",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94969 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN12281353/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9511 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94969 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN12281353/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9511 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via \"Messages\" function of Cybozu Garoon Keitai."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site-scripting en Cybozu Garoon versiones 3.0.0 hasta 4.2.2, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de la funci\u00f3n \"Messages\" de Cybozu Garoon Keitai."
}
],
"id": "CVE-2016-4906",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.220",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-12 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.x hasta la versi\u00f3n 3.7.5 y 4.x hasta la versi\u00f3n 4.0.3 permite a usuarios remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como CyVDB-863 y CyVDB-867."
}
],
"id": "CVE-2015-5646",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-12T10:59:06.960",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8809"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/8811"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-17 16:29
Modified
2024-11-21 04:45
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/35496/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN58849431/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/35496/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98897368-8A02-481B-99CF-EE79E0B2DA59",
"versionEndIncluding": "4.10.1",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Cabinet\u0027."
},
{
"lang": "es",
"value": "La vulnerabilidad del tipo Cross-Site Scripting en Cybozu Garoon 4.6.0 a 4.10.1 permite a los atacantes autenticados remotamente inyectar scripts web o HTML a trav\u00e9s de la aplicaci\u00f3n \u0027Cabinet\u0027."
}
],
"id": "CVE-2019-5947",
"lastModified": "2024-11-21T04:45:47.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-17T16:29:05.283",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35496/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/35496/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-16 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9886 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN65268217/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9886 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41E86B01-E8EA-4DA0-B0BD-9285729784BA",
"versionEndIncluding": "4.6.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Space\" via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon, de la versi\u00f3n 4.0.0 a la 4.6.0, permite que los atacantes remotos autenticados omitan las restricciones de acceso para ver el t\u00edtulo cerrado de \"Space\" mediante vectores sin especificar."
}
],
"id": "CVE-2018-0548",
"lastModified": "2024-11-21T03:38:27.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-16T14:29:00.500",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9570 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9570 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.0.0 hasta 4.2.3 permiten a un atacante remoto autenticado sortear la restricci\u00f3n de acceso en la funci\u00f3n Phone Messages para alterar el estado de los mensajes del tel\u00e9fono a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2091",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:00.403",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9765 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9765 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 | |
| cybozu | garoon | 4.2.4 | |
| cybozu | garoon | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F71558-BFBC-4D43-AAF8-7DEB7AE2F29D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function."
},
{
"lang": "es",
"value": "Una vulnerabilidad cross-Site Scripting (XSS) en Cybozu Garoon en las versiones 3.0.0 a 4.2.5 permite que un atacante inyecte script web o HTML arbitrario mediante la funci\u00f3n mail."
}
],
"id": "CVE-2017-2257",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.703",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html | VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9235 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9235 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"Check available times\" function in Cybozu Garoon before 4.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la funci\u00f3n \"Check available times\" en Cybozu Garoon en versiones anteriores a 4.2.2."
}
],
"id": "CVE-2016-1217",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.453",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9235"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36391 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36391 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes autenticados remotos omitir una restricci\u00f3n de acceso para visualizar y/o alterar una configuraci\u00f3n de inicio de sesi\u00f3n \u00danica por medio de vectores no especificados"
}
],
"id": "CVE-2020-5580",
"lastModified": "2024-11-21T05:34:18.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:10.600",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36391"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 2.0.0 | |
| cybozu | garoon | 2.1.0 | |
| cybozu | garoon | 2.1.1 | |
| cybozu | garoon | 2.1.2 | |
| cybozu | garoon | 2.1.3 | |
| cybozu | garoon | 2.5.0 | |
| cybozu | garoon | 2.5.1 | |
| cybozu | garoon | 2.5.2 | |
| cybozu | garoon | 2.5.3 | |
| cybozu | garoon | 2.5.4 | |
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1556F99E-1609-44FF-83F0-F43FBDE738A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F585001-37C9-42F5-8B13-56827E6AC785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47FD3F43-9ECA-4815-8BDC-B9DAC07E9400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5F2D43-8B67-4D84-94AF-262F6D66F2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "277403E7-3CD9-458C-9669-FB983FF94568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC3404D5-E57D-4714-852A-28410DA9C4C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E8134C-DE8A-452D-A211-05A09D5FCD74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1631C311-CBBA-483A-ABF1-27C8ECEC798B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5274D0F4-ED8A-4CA9-9FAC-EB66148C01DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4BB645-2C78-4EAB-B4A1-B3166E1E05DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "El subsistema Portlets en Cybozu Garoon 2.x y 3.x anterior a 3.7 SP4 permite a usuarios remotos autenticados evadir las restricciones de acceso a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-1993",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-20T11:12:49.540",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-02 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.0 hasta 3.7 SP3 permite a usuarios remotos autenticados evadir restricciones de acceso y eliminar informaci\u00f3n de planificaci\u00f3n a trav\u00e9s de llamadas API no especificadas."
}
],
"id": "CVE-2014-1989",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-02T10:55:07.787",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN31230946/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja/article/5264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN31230946/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja/article/5264"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36113/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36113/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application\u0027s data via the applications \u0027E-mail\u0027 and \u0027Messages\u0027."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n inapropiada en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a atacantes autentificados remotos alterar los datos de la aplicaci\u00f3n por medio de las aplicaciones \"E-mail\" y \"Messages\"."
}
],
"id": "CVE-2020-5566",
"lastModified": "2024-11-21T05:34:17.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.667",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36113/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36113/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| microsoft | internet_explorer | 6 | |
| microsoft | internet_explorer | 7 | |
| microsoft | internet_explorer | 8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*",
"matchCriteriaId": "693D3C1C-E3E4-49DB-9A13-44ADDFF82507",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*",
"matchCriteriaId": "A52E757F-9B41-43B4-9D67-3FEDACA71283",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en un componente de correo en Cybozu Garoon anteriores a 3.7.0, cuando Internet Explorer 6 a 8 es utilizado, permite a atacnates remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6906",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.010",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100574"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6174"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03A6CB29-0A47-4D48-BCE8-F52C736CFF6B",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones operativas en E-mail de Cybozu Garoon versiones 4.0.0 hasta 5.0.2, permite a un atacante autenticado remoto alterar los datos del Portal sin el privilegio apropiado."
}
],
"id": "CVE-2021-20757",
"lastModified": "2024-11-21T05:47:08.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.723",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9660 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9660 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.0.0 hasta 4.2.3 permiten a un atacante remoto autenticado sortear la restricci\u00f3n de acceso en la funci\u00f3n mail, consiguiendo una alteraci\u00f3n del orden de las carpetas de correo a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2095",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:00.527",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9555 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9555 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting en Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado inyectar script web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2092",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:00.433",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9702 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9702 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 | |
| cybozu | garoon | 4.2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp1:*:*:*:*:*:*",
"matchCriteriaId": "D0121310-1C8A-4F3E-9C0C-B8EA37907C7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp2:*:*:*:*:*:*",
"matchCriteriaId": "EE55E26D-AC2D-4384-97BC-090737F2D100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:sp3:*:*:*:*:*:*",
"matchCriteriaId": "B042AA50-E923-4C84-8A94-85479A59F652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting en Cybozu Garoon versi\u00f3n 3.0.0 hasta 4.2.4, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del men\u00fa de la aplicaci\u00f3n."
}
],
"id": "CVE-2017-2146",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:00.257",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-11 06:15
Modified
2025-03-20 19:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2024/007901.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN28869536/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAC3451-9DBB-4D52-9E03-CC2AE1F53513",
"versionEndIncluding": "5.15.2",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition."
},
{
"lang": "es",
"value": "Existe un consumo excesivo de recursos de la plataforma dentro de un problema de bucle en Cybozu Garoon 5.0.0 a 5.15.2. Si se aprovecha esta vulnerabilidad, el procesamiento de un correo manipulado puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2024-31399",
"lastModified": "2025-03-20T19:15:29.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-11T06:15:10.490",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-07 13:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9648 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN43534286/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9648 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user\u0027s file through a specially crafted page."
},
{
"lang": "es",
"value": "Cybozu Garoon desde la versi\u00f3n 3.0.0 hasta la 4.2.4 podr\u00eda permitir que un atacante bloquee el archivo de otro usuario mediante una p\u00e1gina especialmente manipulada."
}
],
"id": "CVE-2017-2144",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-07T13:29:00.177",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 11:15
Modified
2024-11-21 05:34
Severity ?
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36433/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN55497111/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36433/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF26176E-89D8-474A-9998-DD965613677B",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon versiones 4.0.0 hasta 5.0.1, permite a atacantes remotos obtener informaci\u00f3n no deseada por medio de vectores no especificados"
}
],
"id": "CVE-2020-5584",
"lastModified": "2024-11-21T05:34:18.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T11:15:10.880",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36433/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36433/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-29 01:35
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9744 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN63564682/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9744 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 | |
| cybozu | garoon | 4.2.4 | |
| cybozu | garoon | 4.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6C3FA5-801C-440F-A755-6BC9BB04EB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E4F71558-BFBC-4D43-AAF8-7DEB7AE2F29D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Memo\"."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site Scripting en Cybozu Garoon versi\u00f3n 3.0.0 hasta 4.2.5, permite a un atacante inyectar un script web o HTML arbitrario por medio de la funci\u00f3n \"Rich text\" de la aplicaci\u00f3n \"Memo\"."
}
],
"id": "CVE-2017-2256",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T01:35:13.657",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-09 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/94967 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN16200242/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9561 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94967 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN16200242/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9561 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "La vulnerabilidad de salto de directorios en Cybozu Garoon versiones 3.0.0 a 4.2.2 permite a los atacantes autenticados remotos leer archivos arbitrarios a trav\u00e9s de vectores no especificados"
}
],
"id": "CVE-2016-7802",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-09T16:29:00.390",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94967"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9561"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 06:15
Modified
2024-11-21 05:47
Severity ?
Summary
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cs.cybozu.co.jp/2021/007206.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN54794245/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32CA25F7-E8B5-47B0-8C38-0132843CA071",
"versionEndIncluding": "5.0.2",
"versionStartIncluding": "4.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
},
{
"lang": "es",
"value": "Una vulnerabilidad de omisi\u00f3n de restricciones operativas en Bulletin de Cybozu Garoon versiones 4.6.0 hasta 5.0.2, permite a un atacante autenticado remoto alterar los datos del Portal sin el privilegio apropiado."
}
],
"id": "CVE-2021-20759",
"lastModified": "2024-11-21T05:47:08.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T06:15:06.807",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-20 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html | VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9223 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN67595539/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92601 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9223 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD17B66-5D40-4951-941D-F4BA20480436",
"versionEndIncluding": "4.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"New appointment\" function in Cybozu Garoon before 4.2.2."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la funci\u00f3n \"New appointment\" en Cybozu Garoon en versiones anteriores a 4.2.2."
}
],
"id": "CVE-2016-1216",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-20T18:59:00.420",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 04:15
Modified
2024-11-21 05:34
Severity ?
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://kb.cybozu.support/article/36114/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN35649781/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cybozu.support/article/36114/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A714C0FA-0187-48FA-8CBF-284D5F73D596",
"versionEndIncluding": "4.10.3",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Cybozu Garoon versiones 4.0.0 hasta 4.10.3, permite a atacantes remotos obtener datos en el Men\u00fa de Aplicaciones."
}
],
"id": "CVE-2020-5567",
"lastModified": "2024-11-21T05:34:17.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T04:15:12.730",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36114/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.cybozu.support/article/36114/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | * | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.0 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.1 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 2.5 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.0 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.1 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 | |
| cybozu | garoon | 3.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp5:*:*:*:*:*:*",
"matchCriteriaId": "286C00A1-DEA3-4C4D-8236-CFFA73C92372",
"versionEndIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el componente report de Cybozu Garoon anterior a la versi\u00f3n 3.7.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2013-6909",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.307",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/6384"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-05 12:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "852EB14A-53AC-4C22-BE6B-8DB95FA7487F",
"versionEndIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "07FC26E9-FA80-4BB8-B239-BE37CA0E5BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "CF71E37E-908E-438A-9743-BB5D25ED5F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "18567DE5-3254-468E-9584-32C9418DAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "84148B9D-CFA3-4F53-A11E-AE7CEA6BB8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "5251D9B4-DEDB-4D99-97D3-3900E8F5EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "F2084B74-113F-4B42-85F7-602592BBBFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7189699-5D46-483A-BF12-092BD32C74E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "96F3B195-B10D-4ABA-A5F3-E242C7C0BA85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "33042DF3-CA82-4474-946F-EEF080C14D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "360867B7-354F-4253-8A97-571121BF43D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "27E24A5C-C425-493F-B557-07265251EFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "EC455565-5C7F-47A6-9664-4FD82F8EADDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3C29786F-C1CE-4716-BD3B-71BFD5D53311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F28FB567-BAB5-49DD-9A88-60A242BDD81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:2.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "91374D4F-F981-4FE5-8B83-DE4E5DDD29D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "299E9A6F-1DF1-406E-B3EB-BAD21392E569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57BBC64D-CC0A-4989-916B-8F96AE194283",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "ACACBF0A-0108-4B38-84C6-71505A3777AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A9204845-9463-420E-AF52-92BC557C288F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "091F5390-9ADF-49D9-83E1-BFD523CD03FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A3462F9A-A4CA-4622-9614-D1D94797EA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "64C1B9B8-14DF-4195-A130-BE4103292125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "3A63ACA4-BF92-4CB3-B078-5BA85478593D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "71CECA0B-D131-45A7-8D6C-E45EF0F09CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76EB8EC8-D968-408D-A0F2-14164F515C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp2:*:*:*:*:*:*",
"matchCriteriaId": "A0166440-4223-4ED5-9C55-0B2CBAEFF196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BFCFB357-293D-49CD-8090-FBD687F97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp4:*:*:*:*:*:*",
"matchCriteriaId": "63FA07F5-2085-4EE1-9BCB-2F9D0713014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F47A9F1D-E966-4BEE-AD2D-8DA23B848825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B16589DC-22D2-466A-B2D7-85E20A82B8B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8682FAF3-98E3-485C-89CB-C0358C4E2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de cross-site scripting (XSS) en el componente de tabl\u00f3n de anuncios de Cybozu Garoon anteriores a 3.7.2, cuando Internet Explorer o Firefox son utilizados, permite a usuarios autenticados inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-6911",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-12-05T12:55:37.417",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/100561"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
],
"url": "https://support.cybozu.com/ja-jp/article/7158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/100561"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://support.cybozu.com/ja-jp/article/7158"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://support.cybozu.com/ja-jp/article/9655 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN73182875/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96429 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.cybozu.com/ja-jp/article/9655 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cybozu | garoon | 3.0.0 | |
| cybozu | garoon | 3.0.1 | |
| cybozu | garoon | 3.0.2 | |
| cybozu | garoon | 3.0.3 | |
| cybozu | garoon | 3.1.0 | |
| cybozu | garoon | 3.1.1 | |
| cybozu | garoon | 3.1.2 | |
| cybozu | garoon | 3.1.3 | |
| cybozu | garoon | 3.5.0 | |
| cybozu | garoon | 3.5.1 | |
| cybozu | garoon | 3.5.2 | |
| cybozu | garoon | 3.5.3 | |
| cybozu | garoon | 3.5.4 | |
| cybozu | garoon | 3.5.5 | |
| cybozu | garoon | 3.7.0 | |
| cybozu | garoon | 3.7.1 | |
| cybozu | garoon | 3.7.2 | |
| cybozu | garoon | 3.7.3 | |
| cybozu | garoon | 3.7.4 | |
| cybozu | garoon | 3.7.5 | |
| cybozu | garoon | 4.0.0 | |
| cybozu | garoon | 4.0.1 | |
| cybozu | garoon | 4.0.2 | |
| cybozu | garoon | 4.0.3 | |
| cybozu | garoon | 4.2.0 | |
| cybozu | garoon | 4.2.1 | |
| cybozu | garoon | 4.2.2 | |
| cybozu | garoon | 4.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BB615D-E485-4ADE-B77D-FA9FB676DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18C7B082-06A5-4AC8-91D4-C6E2835AB286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF17D9A-4A2D-4F15-B377-AC6F6B2896AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13F08BE5-2639-4581-A49C-854820B25763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56525E34-BC26-4833-938F-F157B77D82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5195BBDF-2153-4600-8308-110BE2A73816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "921FEEAD-1C44-4E65-8912-102A31B3D0B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A70AA82-947D-49AC-9019-A1F06DF8ABBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F462AD2C-EF50-489D-99E0-EAA9D78D7D46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FAED9-AC11-4D20-885B-FFA04995F1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D36285-4AEF-4EE8-8737-10E3B89D3F1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB7D6AFF-BA89-4CCB-8F29-75592E3BA8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F181B9E-3613-42D4-92FA-3AA54BB10785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2014154-4685-4A48-AA69-02D0C1C78ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B681C16-60F7-46B5-BD26-25F7DC9F5F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19694FDB-184D-4C09-BD72-BB7B96F6391D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "595FBCBB-BC3F-4E18-AFBE-C95108C4CB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD33E00A-5082-42F4-81F5-4647BD602D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B130F88-71DE-4FBF-B5DF-DD8173F03151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:3.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9B321F-6CDC-426B-AE62-090E067F3533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71CC4428-0CB4-497F-8274-52E6CC273D65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A63B4B-0248-46B0-B0FB-7DBDD48DAA80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C3A49A-0C9C-4E43-B99C-2C28A12A8A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A428CA3-8FAF-4DEB-8D95-5E76098E83B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EABAA-964A-4242-939A-378B03A1F150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9487784-3EF9-4B11-A831-5F3D35BC716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B03D1A99-E1D3-4400-856C-62F2961E41FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cybozu:garoon:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4165B99C-EE50-4151-90AF-CE1F71E86D2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the \"MultiReport\" function to alter or delete information via unspecified vectors."
},
{
"lang": "es",
"value": "Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado sortear la restricci\u00f3n de acceso en Workflow y la funci\u00f3n \"MultiRepor\" para alterar o borrar informaci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2017-2094",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-28T16:59:00.497",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-6902 (GCVE-0-2013-6902)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/5838"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/5838"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/5838",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/5838"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6902",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1217 (GCVE-0-2016-1217)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000146",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9235"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"Check available times\" function in Cybozu Garoon before 4.2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000146",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9235"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"Check available times\" function in Cybozu Garoon before 4.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67595539",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000146",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9235",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9235"
},
{
"name": "92601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1217",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27627 (GCVE-0-2022-27627)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.2 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.2 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Organization\u0027s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.2 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Organization\u0027s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27627",
"datePublished": "2022-07-04T06:55:50",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1218 (GCVE-0-2016-1218)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000147",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html"
},
{
"name": "92600",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92600"
},
{
"name": "JVN#83568336",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN83568336/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9414"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon before 4.2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000147",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html"
},
{
"name": "92600",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92600"
},
{
"name": "JVN#83568336",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN83568336/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9414"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cybozu Garoon before 4.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000147",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html"
},
{
"name": "92600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92600"
},
{
"name": "JVN#83568336",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83568336/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9414",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9414"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1218",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1987 (GCVE-0-2014-1987)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140421news01.php"
},
{
"name": "JVN#42024228",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN42024228/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140421news01.php"
},
{
"name": "JVN#42024228",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN42024228/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000073",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140421news01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140421news01.php"
},
{
"name": "JVN#42024228",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN42024228/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1987",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6914 (GCVE-0-2013-6914)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/7037",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7037"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6914",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5978 (GCVE-0-2019-5978)
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect
Summary
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application \u0027Scheduler\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application \u0027Scheduler\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN62618482/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"name": "https://kb.cybozu.support/article/35916",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5978",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20770 (GCVE-0-2021-20770)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:16",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20770",
"datePublished": "2021-08-18T05:36:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20764 (GCVE-0-2021-20764)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:07",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20764",
"datePublished": "2021-08-18T05:36:07",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5930 (GCVE-0-2019-5930)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34227/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application \u0027Management of Basic System\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34227/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application \u0027Management of Basic System\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34227/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34227/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5930",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5936 (GCVE-0-2019-5936)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35484/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application \u0027Work Flow\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35484/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application \u0027Work Flow\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35484/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35484/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5936",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20755 (GCVE-0-2021-20755)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Viewing restrictions bypass
Summary
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Viewing restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:52",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Viewing restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20755",
"datePublished": "2021-08-18T05:35:53",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20773 (GCVE-0-2021-20773)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Vulnerability where information is deleted unintentionally
Summary
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Vulnerability where information is deleted unintentionally",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Vulnerability where information is deleted unintentionally"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20773",
"datePublished": "2021-08-18T05:36:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16178 (GCVE-0-2018-16178)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#25385698",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.10.0"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#25385698",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#25385698",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"name": "https://kb.cybozu.support/article/35265",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16178",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26368 (GCVE-0-2022-26368)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26368",
"datePublished": "2022-07-04T06:55:44",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0673 (GCVE-0-2018-0673)
Vulnerability from cvelistv5
Published
2018-11-15 15:00
Modified
2024-08-05 03:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.5.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.3"
}
]
}
],
"datePublic": "2018-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2018/006717.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0673",
"datePublished": "2018-11-15T15:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4906 (GCVE-0-2016-4906)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via \"Messages\" function of Cybozu Garoon Keitai."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via \"Messages\" function of Cybozu Garoon Keitai."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94969"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9511",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4906",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5582 (GCVE-0-2020-5582)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36455/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36455/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36455/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36455/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5582",
"datePublished": "2020-06-30T10:20:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6903 (GCVE-0-2013-6903)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6165"
},
{
"name": "100571",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100571"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6165"
},
{
"name": "100571",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100571"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6165",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6165"
},
{
"name": "100571",
"refsource": "OSVDB",
"url": "http://osvdb.org/100571"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6903",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31400 (GCVE-0-2024-31400)
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-11-08 21:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:46:12.890944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:24:53.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:31.583Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31400",
"datePublished": "2024-06-11T04:26:31.583Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-11-08T21:24:53.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27304 (GCVE-0-2023-27304)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-17 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper authorization
Summary
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T18:00:39.679866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T18:02:06.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27304",
"datePublished": "2023-05-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2025-01-17T18:02:06.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4444 (GCVE-0-2006-4444)
Vulnerability from cvelistv5
Published
2006-08-29 23:00
Modified
2024-08-07 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21664"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vuln.sg/cybozugaroon-en.html"
},
{
"name": "19731",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19731"
},
{
"name": "28364",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28364"
},
{
"name": "28363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28363"
},
{
"name": "28365",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28365"
},
{
"name": "ADV-2006-3399",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3399"
},
{
"name": "cybozu-garoon2-multiple-sql-injection(28594)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28594"
},
{
"name": "28362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28362"
},
{
"name": "28361",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28361"
},
{
"name": "28366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28366"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21664"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vuln.sg/cybozugaroon-en.html"
},
{
"name": "19731",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19731"
},
{
"name": "28364",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28364"
},
{
"name": "28363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28363"
},
{
"name": "28365",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28365"
},
{
"name": "ADV-2006-3399",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3399"
},
{
"name": "cybozu-garoon2-multiple-sql-injection(28594)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28594"
},
{
"name": "28362",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28362"
},
{
"name": "28361",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28361"
},
{
"name": "28366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28366"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21664"
},
{
"name": "http://cybozu.co.jp/products/dl/notice_060825/",
"refsource": "MISC",
"url": "http://cybozu.co.jp/products/dl/notice_060825/"
},
{
"name": "http://vuln.sg/cybozugaroon-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/cybozugaroon-en.html"
},
{
"name": "19731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19731"
},
{
"name": "28364",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28364"
},
{
"name": "28363",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28363"
},
{
"name": "28365",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28365"
},
{
"name": "ADV-2006-3399",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3399"
},
{
"name": "cybozu-garoon2-multiple-sql-injection(28594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28594"
},
{
"name": "28362",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28362"
},
{
"name": "28361",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28361"
},
{
"name": "28366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28366"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4444",
"datePublished": "2006-08-29T23:00:00",
"dateReserved": "2006-08-29T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2094 (GCVE-0-2017-2094)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the \"MultiReport\" function to alter or delete information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the \"MultiReport\" function to alter or delete information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9655",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2094",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28713 (GCVE-0-2022-28713)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authentication
Summary
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:12",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28713",
"datePublished": "2022-07-04T06:56:12",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1215 (GCVE-0-2016-1215)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000144",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"User details\" function in Cybozu Garoon before 4.2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000144",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"User details\" function in Cybozu Garoon before 4.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000144",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9223",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "92601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1215",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0701 (GCVE-0-2013-0701)
Vulnerability from cvelistv5
Published
2013-02-14 11:00
Modified
2024-09-17 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130125up02.php"
},
{
"name": "JVNDB-2013-000007",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007"
},
{
"name": "JVN#07629635",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07629635/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T11:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130125up02.php"
},
{
"name": "JVNDB-2013-000007",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007"
},
{
"name": "JVN#07629635",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN07629635/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130125up02.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130125up02.php"
},
{
"name": "JVNDB-2013-000007",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007"
},
{
"name": "JVN#07629635",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07629635/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-0701",
"datePublished": "2013-02-14T11:00:00Z",
"dateReserved": "2012-12-28T00:00:00Z",
"dateUpdated": "2024-09-17T03:43:17.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31402 (GCVE-0-2024-31402)
Vulnerability from cvelistv5
Published
2024-06-11 05:21
Modified
2025-03-28 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:58:25.261394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T20:36:36.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:21:04.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31402",
"datePublished": "2024-06-11T05:21:04.938Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2025-03-28T20:36:36.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2144 (GCVE-0-2017-2144)
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user\u0027s file through a specially crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user\u0027s file through a specially crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9648",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2144",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30943 (GCVE-0-2022-30943)
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 07:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30943",
"datePublished": "2022-07-11T00:40:24",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29467 (GCVE-0-2022-29467)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Exposure of Sensitive Information to an Unauthorized Actor
Summary
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.2.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:22",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29467",
"datePublished": "2022-07-04T06:56:22",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20775 (GCVE-0-2021-20775)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20775",
"datePublished": "2021-08-18T05:36:24",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20767 (GCVE-0-2021-20767)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:12",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20767",
"datePublished": "2021-08-18T05:36:12",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5583 (GCVE-0-2020-5583)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36408/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report\u0027s data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36408/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report\u0027s data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36408/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36408/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5583",
"datePublished": "2020-06-30T10:20:42",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0549 (GCVE-0-2018-0549)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.6.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.6.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10058",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0549",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1188 (GCVE-0-2016-1188)
Vulnerability from cvelistv5
Published
2016-06-25 21:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8845"
},
{
"name": "JVNDB-2016-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8845"
},
{
"name": "JVNDB-2016-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18975349",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8845",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8845"
},
{
"name": "JVNDB-2016-000077",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077"
},
{
"name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
"refsource": "CONFIRM",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1188",
"datePublished": "2016-06-25T21:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6907 (GCVE-0-2013-6907)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6166",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6907",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2255 (GCVE-0-2017-2255)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.7.0 to 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.7.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Space\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T14:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.7.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Space\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9746",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2255",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5940 (GCVE-0-2019-5940)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35490/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Scheduler\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35490/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Scheduler\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35490/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35490/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5940",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2258 (GCVE-0-2017-2258)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Directory traversal
Summary
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.2.4 to 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API \"WorkflowHandleApplications\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API \"WorkflowHandleApplications\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9846",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2258",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1332 (GCVE-0-2011-1332)
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-16 17:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"name": "JVNDB-2011-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
},
{
"name": "JVN#59779256",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN59779256/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"name": "JVNDB-2011-000044",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
},
{
"name": "JVN#59779256",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN59779256/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-6570."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0023.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"name": "JVNDB-2011-000044",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000044"
},
{
"name": "JVN#59779256",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59779256/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1332",
"datePublished": "2011-06-29T17:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-16T17:18:56.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6003 (GCVE-0-2013-6003)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6121"
},
{
"name": "JVN#84221103",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6121"
},
{
"name": "JVN#84221103",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000116",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000116"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6121",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6121"
},
{
"name": "JVN#84221103",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN84221103/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6003",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-10-03T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1992 (GCVE-0-2014-1992)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
},
{
"name": "JVNDB-2014-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
},
{
"name": "JVN#94838679",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN94838679/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
},
{
"name": "JVNDB-2014-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
},
{
"name": "JVN#94838679",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN94838679/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up05.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up05.php"
},
{
"name": "JVNDB-2014-000078",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078"
},
{
"name": "JVN#94838679",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN94838679/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1992",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7801 (GCVE-0-2016-7801)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users\u0027 To-Dos via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users\u0027 To-Dos via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9437",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7801",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5935 (GCVE-0-2019-5935)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35497/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35497/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35497/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35497/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5935",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6908 (GCVE-0-2013-6908)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/5870"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/5870"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/5870",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/5870"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6908",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31404 (GCVE-0-2024-31404)
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-11-21 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.5.0 to 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:03.808702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:00:13.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.5.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:07.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31404",
"datePublished": "2024-06-11T04:27:07.608Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-11-21T19:00:13.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0532 (GCVE-0-2018-0532)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9378",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0532",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20754 (GCVE-0-2021-20754)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:51",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20754",
"datePublished": "2021-08-18T05:35:51",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4910 (GCVE-0-2016-4910)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators\u0027 MultiReport filters via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators\u0027 MultiReport filters via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9461",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4910",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1996 (GCVE-0-2014-1996)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000074",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074"
},
{
"name": "JVN#31082531",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN31082531/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up01.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000074",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074"
},
{
"name": "JVN#31082531",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN31082531/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up01.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000074",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000074"
},
{
"name": "JVN#31082531",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN31082531/index.html"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up01.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1996",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27803 (GCVE-0-2022-27803)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27803",
"datePublished": "2022-07-04T06:55:59",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0533 (GCVE-0-2018-0533)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9375",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0533",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29892 (GCVE-0-2022-29892)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29892",
"datePublished": "2022-07-04T06:56:42",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5931 (GCVE-0-2019-5931)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34283/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34283/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34283/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34283/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5931",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0551 (GCVE-0-2018-0551)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.6.1"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.6.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10211",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0551",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6910 (GCVE-0-2013-6910)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6434"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6434"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6434",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6434"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6910",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1994 (GCVE-0-2014-1994)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#80583739",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN80583739/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000076",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#80583739",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN80583739/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000076",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#80583739",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80583739/index.html"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up04.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000076",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1994",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27661 (GCVE-0-2022-27661)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27661",
"datePublished": "2022-07-04T06:55:56",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5977 (GCVE-0-2019-5977)
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application 'E-Mail'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inc." | Cybozu Garoon |
Version: 4.0.0 to 4.10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Inc.\"",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application \u0027E-Mail\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.2"
}
]
}
}
]
},
"vendor_name": "Inc.\""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 may allow a remote authenticated attackers to alter mail header via the application \u0027E-Mail\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN62618482/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"name": "https://kb.cybozu.support/article/35915",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5977",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5934 (GCVE-0-2019-5934)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35306/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application \u0027logging\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35306/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application \u0027logging\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35306/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35306/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5934",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6909 (GCVE-0-2013-6909)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6384"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6384"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/6384",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6384"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6909",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5647 (GCVE-0-2015-5647)
Vulnerability from cvelistv5
Published
2015-10-12 10:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000151",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8810"
},
{
"name": "JVN#21025396",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-12T05:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2015-000151",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8810"
},
{
"name": "JVN#21025396",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000151",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8810",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8810"
},
{
"name": "JVN#21025396",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN21025396/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5647",
"datePublished": "2015-10-12T10:00:00",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:04.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0820 (GCVE-0-2014-0820)
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#26393529",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN26393529/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
},
{
"name": "JVNDB-2014-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7994"
},
{
"name": "65815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T16:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#26393529",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN26393529/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
},
{
"name": "JVNDB-2014-000023",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7994"
},
{
"name": "65815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#26393529",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN26393529/index.html"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140225up05.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140225up05.php"
},
{
"name": "JVNDB-2014-000023",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7994",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7994"
},
{
"name": "65815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0820",
"datePublished": "2014-02-27T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6004 (GCVE-0-2013-6004)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#87729477",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN87729477/index.html"
},
{
"name": "JVNDB-2013-000117",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#87729477",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN87729477/index.html"
},
{
"name": "JVNDB-2013-000117",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#87729477",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87729477/index.html"
},
{
"name": "JVNDB-2013-000117",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000117"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6929",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6004",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-10-03T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5944 (GCVE-0-2019-5944)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35487/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35487/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35487/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35487/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5944",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5563 (GCVE-0-2020-5563)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authentication
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36118/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36118/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36118/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36118/"
},
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5563",
"datePublished": "2020-04-28T03:15:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20756 (GCVE-0-2021-20756)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Viewing restrictions bypass
Summary
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Viewing restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Viewing restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20756",
"datePublished": "2021-08-18T05:35:54",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29512 (GCVE-0-2022-29512)
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29512",
"datePublished": "2022-07-11T00:40:21",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1192 (GCVE-0-2016-1192)
Vulnerability from cvelistv5
Published
2016-06-19 20:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14749391",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"name": "JVNDB-2016-000095",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T20:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14749391",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"name": "JVNDB-2016-000095",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14749391",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"name": "JVNDB-2016-000095",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095"
},
{
"name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
"refsource": "CONFIRM",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1192",
"datePublished": "2016-06-19T20:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6911 (GCVE-0-2013-6911)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7158"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100561"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7158"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100561",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100561"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7158",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7158"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100561",
"refsource": "OSVDB",
"url": "http://osvdb.org/100561"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6911",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0548 (GCVE-0-2018-0548)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.6.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Space\" via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Space\" via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9886",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0548",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29484 (GCVE-0-2022-29484)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:33",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29484",
"datePublished": "2022-07-04T06:56:33",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2254 (GCVE-0-2017-2254)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.5.0 to 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu\u0027s edit function via specially crafted input"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu\u0027s edit function via specially crafted input"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9751",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2254",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20771 (GCVE-0-2021-20771)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T09:15:10",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20771",
"datePublished": "2021-08-18T05:36:18",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20758 (GCVE-0-2021-20758)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:57",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20758",
"datePublished": "2021-08-18T05:35:57",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7776 (GCVE-0-2015-7776)
Vulnerability from cvelistv5
Published
2016-06-19 20:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#53542912",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN53542912/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8757"
},
{
"name": "JVNDB-2016-000085",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8951"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T20:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#53542912",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN53542912/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8757"
},
{
"name": "JVNDB-2016-000085",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8951"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#53542912",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53542912/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8897",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8897"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8757",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8757"
},
{
"name": "JVNDB-2016-000085",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8982",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8982"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8951",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8951"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7776",
"datePublished": "2016-06-19T20:00:00",
"dateReserved": "2015-10-09T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5580 (GCVE-0-2020-5580)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36391"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36391"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36391",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36391"
},
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5580",
"datePublished": "2020-06-30T10:20:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5584 (GCVE-0-2020-5584)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36433/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36433/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36433/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36433/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5584",
"datePublished": "2020-06-30T10:20:42",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5646 (GCVE-0-2015-5646)
Vulnerability from cvelistv5
Published
2015-10-12 10:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:04.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8811"
},
{
"name": "JVNDB-2015-000151",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"name": "JVN#21025396",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-12T05:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8811"
},
{
"name": "JVNDB-2015-000151",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"name": "JVN#21025396",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/8811",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8811"
},
{
"name": "JVNDB-2015-000151",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151"
},
{
"name": "JVN#21025396",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN21025396/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN21025396/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN21025396/374951/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8809",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5646",
"datePublished": "2015-10-12T10:00:00",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:04.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26054 (GCVE-0-2022-26054)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 04:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26054",
"datePublished": "2022-07-04T06:55:39",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5937 (GCVE-0-2019-5937)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35493/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35493/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35493/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35493/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5937",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1193 (GCVE-0-2016-1193)
Vulnerability from cvelistv5
Published
2016-06-25 21:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#25765762",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN25765762/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8919"
},
{
"name": "JVNDB-2016-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#25765762",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN25765762/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8919"
},
{
"name": "JVNDB-2016-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#25765762",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN25765762/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8919",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8919"
},
{
"name": "JVNDB-2016-000079",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1193",
"datePublished": "2016-06-25T21:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0821 (GCVE-0-2014-0821)
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71045461",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"name": "JVNDB-2014-000024",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7993"
},
{
"name": "65809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65809"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-14T16:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71045461",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"name": "JVNDB-2014-000024",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7993"
},
{
"name": "65809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65809"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71045461",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71045461/index.html"
},
{
"name": "JVNDB-2014-000024",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7993",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7993"
},
{
"name": "65809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65809"
},
{
"name": "http://cs.cybozu.co.jp/information/gr20140225up04.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140225up04.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0821",
"datePublished": "2014-02-27T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1988 (GCVE-0-2014-1988)
Vulnerability from cvelistv5
Published
2014-05-02 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000042",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8105"
},
{
"name": "JVN#90519014",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN90519014/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-02T04:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000042",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8105"
},
{
"name": "JVN#90519014",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN90519014/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000042",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8105",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8105"
},
{
"name": "JVN#90519014",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN90519014/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1988",
"datePublished": "2014-05-02T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1213 (GCVE-0-2016-1213)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#67266823",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67266823/index.html"
},
{
"name": "92596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92596"
},
{
"name": "JVNDB-2016-000142",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"Scheduler\" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#67266823",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67266823/index.html"
},
{
"name": "92596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92596"
},
{
"name": "JVNDB-2016-000142",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9221"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"Scheduler\" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#67266823",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67266823/index.html"
},
{
"name": "92596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92596"
},
{
"name": "JVNDB-2016-000142",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000142"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9221",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9221"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1213",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0817 (GCVE-0-2014-0817)
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:20.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7992"
},
{
"name": "JVNDB-2014-000021",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"name": "JVN#24035499",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-27T00:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7992"
},
{
"name": "JVNDB-2014-000021",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"name": "JVN#24035499",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140225up03.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140225up03.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7992",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7992"
},
{
"name": "JVNDB-2014-000021",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021"
},
{
"name": "JVN#24035499",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24035499/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-0817",
"datePublished": "2014-02-27T01:00:00",
"dateReserved": "2014-01-06T00:00:00",
"dateUpdated": "2024-08-06T09:27:20.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6931 (GCVE-0-2013-6931)
Vulnerability from cvelistv5
Published
2014-01-29 02:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20140127up03.php"
},
{
"name": "JVNDB-2014-000010",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"name": "JVN#91153528",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7888"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T02:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20140127up03.php"
},
{
"name": "JVNDB-2014-000010",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"name": "JVN#91153528",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7888"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20140127up03.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20140127up03.php"
},
{
"name": "JVNDB-2014-000010",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"name": "JVN#91153528",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN91153528/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7888",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7888"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6931",
"datePublished": "2014-01-29T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1197 (GCVE-0-2016-1197)
Vulnerability from cvelistv5
Published
2016-06-19 15:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#37121456",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN37121456/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9303"
},
{
"name": "JVNDB-2016-000083",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#37121456",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN37121456/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9303"
},
{
"name": "JVNDB-2016-000083",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#37121456",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN37121456/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9303",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9303"
},
{
"name": "JVNDB-2016-000083",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1197",
"datePublished": "2016-06-19T15:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6905 (GCVE-0-2013-6905)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6195"
},
{
"name": "100573",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100573"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6195"
},
{
"name": "100573",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100573"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6195",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6195"
},
{
"name": "100573",
"refsource": "OSVDB",
"url": "http://osvdb.org/100573"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6905",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20761 (GCVE-0-2021-20761)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20761",
"datePublished": "2021-08-18T05:36:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1191 (GCVE-0-2016-1191)
Vulnerability from cvelistv5
Published
2016-06-19 20:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078"
},
{
"name": "JVN#14749391",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T20:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078"
},
{
"name": "JVN#14749391",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000078",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078"
},
{
"name": "JVN#14749391",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN14749391/index.html"
},
{
"name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
"refsource": "CONFIRM",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1191",
"datePublished": "2016-06-19T20:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20753 (GCVE-0-2021-20753)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:49",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20753",
"datePublished": "2021-08-18T05:35:49",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0530 (GCVE-0-2018-0530)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.5.0 to 4.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9326",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0530",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20765 (GCVE-0-2021-20765)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:08",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20765",
"datePublished": "2021-08-18T05:36:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5643 (GCVE-0-2020-5643)
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36725/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T02:06:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36725/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36725/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36725/"
},
{
"name": "https://jvn.jp/en/jp/JVN57942454/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5643",
"datePublished": "2020-11-06T02:06:26",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1216 (GCVE-0-2016-1216)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000145",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"New appointment\" function in Cybozu Garoon before 4.2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000145",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"New appointment\" function in Cybozu Garoon before 4.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9223",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9223"
},
{
"name": "JVN#67595539",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "JVNDB-2016-000145",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html"
},
{
"name": "92601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1216",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6900 (GCVE-0-2013-6900)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6153"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6153"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6153",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6153"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6900",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31401 (GCVE-0-2024-31401)
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-08-02 01:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "5.12.2",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:53:11.132057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:53:43.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:53.806Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31401",
"datePublished": "2024-06-11T04:26:53.806Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2093 (GCVE-0-2017-2093)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9647",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2093",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5585 (GCVE-0-2020-5585)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36432/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36432/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36432/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36432/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5585",
"datePublished": "2020-06-30T10:20:43",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5932 (GCVE-0-2019-5932)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34276/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34276/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34276/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5932",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26051 (GCVE-0-2022-26051)
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 04:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:34",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26051",
"datePublished": "2022-07-04T06:55:34",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6906 (GCVE-0-2013-6906)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6174"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100574"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6174"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100574",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100574"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6174",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6174"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100574",
"refsource": "OSVDB",
"url": "http://osvdb.org/100574"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6906",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2257 (GCVE-0-2017-2257)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9765",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2257",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5975 (GCVE-0-2019-5975)
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inc." | Cybozu Garoon |
Version: 4.6.0 to 4.10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35912"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Inc.\"",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35912"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5975",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.10.2"
}
]
}
}
]
},
"vendor_name": "Inc.\""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/35912",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35912"
},
{
"name": "http://jvn.jp/en/jp/JVN62618482/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5975",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0550 (GCVE-0-2018-0550)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.5.0 to 4.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.1"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Cabinet\" via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Cabinet\" via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10056",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0550",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5976 (GCVE-0-2019-5976)
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inc." | Cybozu Garoon |
Version: 4.0.0 to 4.10.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Inc.\"",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.2"
}
]
}
}
]
},
"vendor_name": "Inc.\""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN62618482/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"name": "https://kb.cybozu.support/article/35913",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5976",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5564 (GCVE-0-2020-5564)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027E-mail\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027E-mail\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36116/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5564",
"datePublished": "2020-04-28T03:15:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5933 (GCVE-0-2019-5933)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35307/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application \u0027Bulletin\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35307/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application \u0027Bulletin\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35307/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35307/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5933",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20762 (GCVE-0-2021-20762)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:04",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20762",
"datePublished": "2021-08-18T05:36:04",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6901 (GCVE-0-2013-6901)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100555"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100555",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100555"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100555",
"refsource": "OSVDB",
"url": "http://osvdb.org/100555"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6193",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6901",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5588 (GCVE-0-2020-5588)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36410/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36410/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36410/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36410/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5588",
"datePublished": "2020-06-30T10:20:44",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5938 (GCVE-0-2019-5938)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35494/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Mail\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35494/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Mail\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35494/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35494/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5938",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6915 (GCVE-0-2013-6915)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6896"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6896"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6896",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6896"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6915",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29513 (GCVE-0-2022-29513)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29513",
"datePublished": "2022-07-04T06:56:38",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4909 (GCVE-0-2016-4909)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97911"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9459",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4909",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20768 (GCVE-0-2021-20768)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Operational restrictions bypass
Summary
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20768",
"datePublished": "2021-08-18T05:36:13",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2092 (GCVE-0-2017-2092)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9555",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2092",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1195 (GCVE-0-2016-1195)
Vulnerability from cvelistv5
Published
2016-06-19 15:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8987"
},
{
"name": "JVNDB-2016-000081",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081"
},
{
"name": "JVN#32218514",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN32218514/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8987"
},
{
"name": "JVNDB-2016-000081",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081"
},
{
"name": "JVN#32218514",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN32218514/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/8987",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8987"
},
{
"name": "JVNDB-2016-000081",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081"
},
{
"name": "JVN#32218514",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN32218514/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1195",
"datePublished": "2016-06-19T15:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6570 (GCVE-0-2008-6570)
Vulnerability from cvelistv5
Published
2009-03-31 17:00
Modified
2024-08-07 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/english/advisory/99_e.html"
},
{
"name": "46565",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46565"
},
{
"name": "29981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29981"
},
{
"name": "garoon-rss-xss(43426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43426"
},
{
"name": "JVN#52363223",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52363223/index.html"
},
{
"name": "30871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30871"
},
{
"name": "JVNDB-2008-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/english/advisory/99_e.html"
},
{
"name": "46565",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46565"
},
{
"name": "29981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29981"
},
{
"name": "garoon-rss-xss(43426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43426"
},
{
"name": "JVN#52363223",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52363223/index.html"
},
{
"name": "30871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30871"
},
{
"name": "JVNDB-2008-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0023.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0023.html"
},
{
"name": "http://www.lac.co.jp/english/advisory/99_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/english/advisory/99_e.html"
},
{
"name": "46565",
"refsource": "OSVDB",
"url": "http://osvdb.org/46565"
},
{
"name": "29981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"name": "garoon-rss-xss(43426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43426"
},
{
"name": "JVN#52363223",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52363223/index.html"
},
{
"name": "30871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30871"
},
{
"name": "JVNDB-2008-000035",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6570",
"datePublished": "2009-03-31T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6929 (GCVE-0-2013-6929)
Vulnerability from cvelistv5
Published
2013-12-28 02:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#60997973",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN60997973/index.html"
},
{
"name": "JVNDB-2013-000124",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#60997973",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN60997973/index.html"
},
{
"name": "JVNDB-2013-000124",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#60997973",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN60997973/index.html"
},
{
"name": "JVNDB-2013-000124",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000124"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7889",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6929",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1219 (GCVE-0-2016-1219)
Vulnerability from cvelistv5
Published
2017-04-20 17:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#89211736",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89211736/index.html"
},
{
"name": "JVNDB-2016-000148",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html"
},
{
"name": "92598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92598"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9408"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T16:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#89211736",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89211736/index.html"
},
{
"name": "JVNDB-2016-000148",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html"
},
{
"name": "92598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92598"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9408"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#89211736",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89211736/index.html"
},
{
"name": "JVNDB-2016-000148",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html"
},
{
"name": "92598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92598"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9408",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9408"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1219",
"datePublished": "2017-04-20T17:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5939 (GCVE-0-2019-5939)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35495/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35495/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35495/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35495/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5939",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5945 (GCVE-0-2019-5945)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.2.4 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users\u0027 credential information via the authentication of Cybozu Garoon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35488/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users\u0027 credential information via the authentication of Cybozu Garoon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35488/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35488/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5945",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6001 (GCVE-0-2013-6001)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6955"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"name": "JVNDB-2013-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#82375148",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN82375148/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6955"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"name": "JVNDB-2013-000114",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#82375148",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN82375148/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/6955",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6955"
},
{
"name": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html",
"refsource": "CONFIRM",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"name": "JVNDB-2013-000114",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000114"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVN#82375148",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82375148/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6001",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-10-03T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31472 (GCVE-0-2022-31472)
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 07:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:25",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-31472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-31472",
"datePublished": "2022-07-11T00:40:25",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-08-03T07:19:06.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6904 (GCVE-0-2013-6904)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6395"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100572",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100572"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6395"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100572",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100572"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/6395",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6395"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "100572",
"refsource": "OSVDB",
"url": "http://osvdb.org/100572"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6904",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5991 (GCVE-0-2019-5991)
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Inc." | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71877187/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Inc.\"",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN71877187/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Inc.\""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/35975",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35975"
},
{
"name": "http://jvn.jp/en/jp/JVN71877187/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN71877187/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5991",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31403 (GCVE-0-2024-31403)
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-08-02 01:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 6.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:43:35.558730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:49:23.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:01.971Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31403",
"datePublished": "2024-06-11T04:27:01.971Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-08-02T01:52:56.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5586 (GCVE-0-2020-5586)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.3 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36453/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.3 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36453/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.3 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36453/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36453/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5586",
"datePublished": "2020-06-30T10:20:43",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1333 (GCVE-0-2011-1333)
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-17 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "45063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45063"
},
{
"name": "JVNDB-2011-000045",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#80877328",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN80877328/index.html"
},
{
"name": "73327",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73327"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "45063",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45063"
},
{
"name": "JVNDB-2011-000045",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#80877328",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN80877328/index.html"
},
{
"name": "73327",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73327"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the bulletin board system.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "45063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45063"
},
{
"name": "JVNDB-2011-000045",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000045"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#80877328",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80877328/index.html"
},
{
"name": "73327",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73327"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1333",
"datePublished": "2011-06-29T17:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-17T00:40:53.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20766 (GCVE-0-2021-20766)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:10",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20766",
"datePublished": "2021-08-18T05:36:10",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4908 (GCVE-0-2016-4908)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user\u0027s private RSS settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user\u0027s private RSS settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9399",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4908",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28718 (GCVE-0-2022-28718)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:17",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28718",
"datePublished": "2022-07-04T06:56:17",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31398 (GCVE-0-2024-31398)
Vulnerability from cvelistv5
Published
2024-06-11 05:20
Modified
2025-03-13 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:54:10.200588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:17:16.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:20:51.967Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31398",
"datePublished": "2024-06-11T05:20:51.967Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2025-03-13T13:17:16.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5946 (GCVE-0-2019-5946)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect
Summary
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.2.4 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35492/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35492/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35492/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35492/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5946",
"datePublished": "2019-05-17T15:25:56",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1214 (GCVE-0-2016-1214)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000143",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9222"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the \"Response request\" function in Cybozu Garoon before 4.2.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000143",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html"
},
{
"name": "JVN#67595539",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9222"
},
{
"name": "92601",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the \"Response request\" function in Cybozu Garoon before 4.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000143",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html"
},
{
"name": "JVN#67595539",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN67595539/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9222",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9222"
},
{
"name": "92601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1214",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7802 (GCVE-0-2016-7802)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9561"
},
{
"name": "JVN#16200242",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"name": "94967",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9561"
},
{
"name": "JVN#16200242",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"name": "94967",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94967"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9561",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9561"
},
{
"name": "JVN#16200242",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN16200242/index.html"
},
{
"name": "94967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94967"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7802",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5567 (GCVE-0-2020-5567)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authentication
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36114/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36114/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36114/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36114/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5567",
"datePublished": "2020-04-28T03:15:30",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1190 (GCVE-0-2016-1190)
Vulnerability from cvelistv5
Published
2016-06-25 21:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8877"
},
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"name": "JVNDB-2016-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8877"
},
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"name": "JVNDB-2016-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/8877",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8877"
},
{
"name": "JVN#18975349",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
"refsource": "CONFIRM",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
},
{
"name": "JVNDB-2016-000094",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1190",
"datePublished": "2016-06-25T21:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20763 (GCVE-0-2021-20763)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Operational restrictions bypass
Summary
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20763",
"datePublished": "2021-08-18T05:36:05",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20774 (GCVE-0-2021-20774)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20774",
"datePublished": "2021-08-18T05:36:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1189 (GCVE-0-2016-1189)
Vulnerability from cvelistv5
Published
2016-06-25 21:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9020"
},
{
"name": "JVNDB-2016-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#18975349",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9020"
},
{
"name": "JVNDB-2016-000093",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#18975349",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18975349/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9020",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9020"
},
{
"name": "JVNDB-2016-000093",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093"
},
{
"name": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03",
"refsource": "CONFIRM",
"url": "https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1189",
"datePublished": "2016-06-25T21:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1196 (GCVE-0-2016-1196)
Vulnerability from cvelistv5
Published
2016-06-19 20:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#33879831",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN33879831/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8970"
},
{
"name": "JVNDB-2016-000082",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T20:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#33879831",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN33879831/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8970"
},
{
"name": "JVNDB-2016-000082",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#33879831",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33879831/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8970",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8970"
},
{
"name": "JVNDB-2016-000082",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1196",
"datePublished": "2016-06-19T20:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5566 (GCVE-0-2020-5566)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application\u0027s data via the applications \u0027E-mail\u0027 and \u0027Messages\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application\u0027s data via the applications \u0027E-mail\u0027 and \u0027Messages\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36113/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5566",
"datePublished": "2020-04-28T03:15:30",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0531 (GCVE-0-2018-0531)
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9349",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0531",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29471 (GCVE-0-2022-29471)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.9.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29471",
"datePublished": "2022-07-04T06:56:28",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6930 (GCVE-0-2013-6930)
Vulnerability from cvelistv5
Published
2014-01-29 02:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2014-000010",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20140127up02.php"
},
{
"name": "JVN#91153528",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-29T02:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2014-000010",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20140127up02.php"
},
{
"name": "JVN#91153528",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7886"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2014-000010",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010"
},
{
"name": "http://cs.cybozu.co.jp/information/20140127up02.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20140127up02.php"
},
{
"name": "JVN#91153528",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN91153528/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN91153528/374951/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN91153528/374951/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7886",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7886"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6930",
"datePublished": "2014-01-29T02:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4907 (GCVE-0-2016-4907)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9441",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4907",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20757 (GCVE-0-2021-20757)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Operational restrictions bypass
Summary
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20757",
"datePublished": "2021-08-18T05:35:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20760 (GCVE-0-2021-20760)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20760",
"datePublished": "2021-08-18T05:36:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2146 (GCVE-0-2017-2146)
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9702",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2146",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1995 (GCVE-0-2014-1995)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up02.php"
},
{
"name": "JVNDB-2014-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075"
},
{
"name": "JVN#97558950",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN97558950/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up02.php"
},
{
"name": "JVNDB-2014-000075",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075"
},
{
"name": "JVN#97558950",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN97558950/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up02.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up02.php"
},
{
"name": "JVNDB-2014-000075",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075"
},
{
"name": "JVN#97558950",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN97558950/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1995",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1220 (GCVE-0-2016-1220)
Vulnerability from cvelistv5
Published
2017-04-20 18:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon before 4.2.2 does not properly restrict access.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000149",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9407"
},
{
"name": "JVN#93411577",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN93411577/index.html"
},
{
"name": "92599",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.2 does not properly restrict access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000149",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9407"
},
{
"name": "JVN#93411577",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN93411577/index.html"
},
{
"name": "92599",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon before 4.2.2 does not properly restrict access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000149",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9407",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9407"
},
{
"name": "JVN#93411577",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN93411577/index.html"
},
{
"name": "92599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1220",
"datePublished": "2017-04-20T18:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2091 (GCVE-0-2017-2091)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9570",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2091",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28692 (GCVE-0-2022-28692)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:09",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28692",
"datePublished": "2022-07-04T06:56:09",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6006 (GCVE-0-2013-6006)
Vulnerability from cvelistv5
Published
2013-12-28 02:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7893"
},
{
"name": "JVNDB-2013-000125",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
},
{
"name": "JVN#81706478",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-28T02:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7893"
},
{
"name": "JVNDB-2013-000125",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
},
{
"name": "JVN#81706478",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/7893",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7893"
},
{
"name": "JVNDB-2013-000125",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125"
},
{
"name": "JVN#81706478",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81706478/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6006",
"datePublished": "2013-12-28T02:00:00",
"dateReserved": "2013-10-03T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5562 (GCVE-0-2020-5562)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-Side Request Forgery (SSRF)
Summary
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36304",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36304"
},
{
"name": "https://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5562",
"datePublished": "2020-04-28T03:15:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1989 (GCVE-0-2014-1989)
Vulnerability from cvelistv5
Published
2014-05-02 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:15.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja/article/5264"
},
{
"name": "JVN#31230946",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN31230946/index.html"
},
{
"name": "JVNDB-2014-000043",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-02T04:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja/article/5264"
},
{
"name": "JVN#31230946",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN31230946/index.html"
},
{
"name": "JVNDB-2014-000043",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja/article/5264",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja/article/5264"
},
{
"name": "JVN#31230946",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN31230946/index.html"
},
{
"name": "JVNDB-2014-000043",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1989",
"datePublished": "2014-05-02T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:15.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6912 (GCVE-0-2013-6912)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:44.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100560"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6927"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100560",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100560"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6927"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100560",
"refsource": "OSVDB",
"url": "http://osvdb.org/100560"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6927",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6927"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6912",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:44.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5929 (GCVE-0-2019-5929)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34277/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Memo\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34277/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Memo\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34277/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34277/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5929",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5568 (GCVE-0-2020-5568)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36302/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications \u0027Messages\u0027 and \u0027Bulletin Board\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36302/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications \u0027Messages\u0027 and \u0027Bulletin Board\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36302/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36302/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5568",
"datePublished": "2020-04-28T03:15:31",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6002 (GCVE-0-2013-6002)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6571"
},
{
"name": "JVN#94245330",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN94245330/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000115",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-05T07:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6571"
},
{
"name": "JVN#94245330",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN94245330/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000115",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html",
"refsource": "CONFIRM",
"url": "http://products.cybozu.co.jp/garoon/download/update/gr3/fix371sp1.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6571",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6571"
},
{
"name": "JVN#94245330",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN94245330/index.html"
},
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "JVNDB-2013-000115",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6002",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-10-03T00:00:00",
"dateUpdated": "2024-08-06T17:29:42.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2145 (GCVE-0-2017-2145)
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Session fixation
Summary
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.2.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9695",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2145",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26595 (GCVE-0-2023-26595)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-28 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T18:53:37.691469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T18:56:21.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-26595",
"datePublished": "2023-05-23T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T18:56:21.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6916 (GCVE-0-2013-6916)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100554",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100554"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/7157"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100554",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100554"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/7157"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100554",
"refsource": "OSVDB",
"url": "http://osvdb.org/100554"
},
{
"name": "https://support.cybozu.com/ja-jp/article/7157",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/7157"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6916",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5581 (GCVE-0-2020-5581)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path Traversal
Summary
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36393"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36393"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36393",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36393"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5581",
"datePublished": "2020-06-30T10:20:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5928 (GCVE-0-2019-5928)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34279/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34279/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/34279/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34279/"
},
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5928",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6569 (GCVE-0-2008-6569)
Vulnerability from cvelistv5
Published
2009-03-31 17:00
Modified
2024-08-07 11:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2008-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"name": "29981",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29981"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"name": "garoon-unspecified-session-hijacking(43427)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"name": "JVN#18700809",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"name": "30871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30871"
},
{
"name": "46564",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46564"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVNDB-2008-000034",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"name": "29981",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29981"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"name": "garoon-unspecified-session-hijacking(43427)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"name": "JVN#18700809",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"name": "30871",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30871"
},
{
"name": "46564",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46564"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2008-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"name": "29981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"name": "http://www.lac.co.jp/info/advisory/98.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"name": "garoon-unspecified-session-hijacking(43427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
},
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0021.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"name": "JVN#18700809",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"name": "30871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30871"
},
{
"name": "46564",
"refsource": "OSVDB",
"url": "http://osvdb.org/46564"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6569",
"datePublished": "2009-03-31T17:00:00",
"dateReserved": "2009-03-31T00:00:00",
"dateUpdated": "2024-08-07T11:34:47.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5649 (GCVE-0-2015-5649)
Vulnerability from cvelistv5
Published
2015-10-08 20:00
Modified
2024-08-06 06:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:03.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#38369032",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN38369032/index.html"
},
{
"name": "JVNDB-2015-000152",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-08T20:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#38369032",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN38369032/index.html"
},
{
"name": "JVNDB-2015-000152",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#38369032",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN38369032/index.html"
},
{
"name": "JVNDB-2015-000152",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9176",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5649",
"datePublished": "2015-10-08T20:00:00",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:03.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5587 (GCVE-0-2020-5587)
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36409/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36409/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36409/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36409/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5587",
"datePublished": "2020-06-30T10:20:44",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27384 (GCVE-0-2023-27384)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-17 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper access control
Summary
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:57:24.943357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:59:12.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27384",
"datePublished": "2023-05-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2025-01-17T17:59:12.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39457 (GCVE-0-2024-39457)
Vulnerability from cvelistv5
Published
2024-07-19 08:36
Modified
2025-03-19 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 6.0.0 to 6.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:47:27.038484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T20:42:34.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "6.0.0 to 6.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:36:27.786Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39457",
"datePublished": "2024-07-19T08:36:27.786Z",
"dateReserved": "2024-06-25T06:24:51.487Z",
"dateUpdated": "2025-03-19T20:42:34.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0607 (GCVE-0-2018-0607)
Vulnerability from cvelistv5
Published
2018-07-26 17:00
Modified
2024-08-05 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.5.0 to 4.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#13415512",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/33120/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.2"
}
]
}
],
"datePublic": "2018-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T16:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#13415512",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.cybozu.support/article/33120/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#13415512",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"name": "https://kb.cybozu.support/article/33120/",
"refsource": "CONFIRM",
"url": "https://kb.cybozu.support/article/33120/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0607",
"datePublished": "2018-07-26T17:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30602 (GCVE-0-2022-30602)
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 06:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:22",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30602",
"datePublished": "2022-07-11T00:40:22",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T06:56:12.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2256 (GCVE-0-2017-2256)
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Memo\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T14:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Memo\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9744",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2256",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5565 (GCVE-0-2020-5565)
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application\u0027s data via the applications \u0027Workflow\u0027 and \u0027MultiReport\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application\u0027s data via the applications \u0027Workflow\u0027 and \u0027MultiReport\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36119/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5565",
"datePublished": "2020-04-28T03:15:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5947 (GCVE-0-2019-5947)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35496/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35496/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35496/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35496/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5947",
"datePublished": "2019-05-17T15:25:56",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20769 (GCVE-0-2021-20769)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:15",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20769",
"datePublished": "2021-08-18T05:36:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5943 (GCVE-0-2019-5943)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35486/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application \u0027Bulletin\u0027 and the application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35486/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application \u0027Bulletin\u0027 and the application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35486/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35486/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5943",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1334 (GCVE-0-2011-1334)
Vulnerability from cvelistv5
Published
2011-06-29 17:00
Modified
2024-09-17 01:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the mail system."
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-29T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"downloading graphic files from the mail system.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cybozu.co.jp/products/dl/notice/detail/0019.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0019.html"
},
{
"name": "73317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73317"
},
{
"name": "48446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48446"
},
{
"name": "JVN#54074460",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN54074460/index.html"
},
{
"name": "45043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45043"
},
{
"name": "JVNDB-2011-000046",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1334",
"datePublished": "2011-06-29T17:00:00Z",
"dateReserved": "2011-03-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:16:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20759 (GCVE-0-2021-20759)
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Operational restrictions bypass
Summary
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20759",
"datePublished": "2021-08-18T05:35:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7775 (GCVE-0-2015-7775)
Vulnerability from cvelistv5
Published
2016-06-19 15:00
Modified
2024-08-06 07:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000084",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084"
},
{
"name": "JVN#49285177",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49285177/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-19T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000084",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084"
},
{
"name": "JVN#49285177",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49285177/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000084",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000084"
},
{
"name": "JVN#49285177",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49285177/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/8893",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7775",
"datePublished": "2016-06-19T15:00:00",
"dateReserved": "2015-10-09T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5942 (GCVE-0-2019-5942)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35485/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35485/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35485/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35485/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5942",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31399 (GCVE-0-2024-31399)
Vulnerability from cvelistv5
Published
2024-06-11 05:34
Modified
2025-03-20 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Excessive Platform Resource Consumption within a Loop
Summary
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:21:30.661944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:56:16.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:34:34.564Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31399",
"datePublished": "2024-06-11T05:34:34.564Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2025-03-20T18:56:16.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6913 (GCVE-0-2013-6913)
Vulnerability from cvelistv5
Published
2013-12-05 11:00
Modified
2024-08-06 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/100559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/6928"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100559",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/100559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/6928"
},
{
"name": "JVNDB-2013-000113",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name": "100559",
"refsource": "OSVDB",
"url": "http://osvdb.org/100559"
},
{
"name": "https://support.cybozu.com/ja-jp/article/6928",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6928"
},
{
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-6913",
"datePublished": "2013-12-05T11:00:00",
"dateReserved": "2013-11-29T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5941 (GCVE-0-2019-5941)
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 4.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35489/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application \u0027Multi Report\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35489/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application \u0027Multi Report\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35489/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35489/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5941",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27807 (GCVE-0-2022-27807)
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Input Validation
Summary
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:33:00.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:04",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27807",
"datePublished": "2022-07-04T06:56:04",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:33:00.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2095 (GCVE-0-2017-2095)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to restrict access
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9660",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2095",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0702 (GCVE-0-2013-0702)
Vulnerability from cvelistv5
Published
2013-02-14 11:00
Modified
2024-09-17 00:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/20130125up01.php"
},
{
"name": "JVN#95863326",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN95863326/index.html"
},
{
"name": "JVNDB-2013-000008",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-14T11:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/20130125up01.php"
},
{
"name": "JVN#95863326",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN95863326/index.html"
},
{
"name": "JVNDB-2013-000008",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-0702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/20130125up01.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/20130125up01.php"
},
{
"name": "JVN#95863326",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95863326/index.html"
},
{
"name": "JVNDB-2013-000008",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-0702",
"datePublished": "2013-02-14T11:00:00Z",
"dateReserved": "2012-12-28T00:00:00Z",
"dateUpdated": "2024-09-17T00:06:20.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1993 (GCVE-0-2014-1993)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:58:16.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
},
{
"name": "JVN#75990997",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-20T06:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000077",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
},
{
"name": "JVN#75990997",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cs.cybozu.co.jp/information/gr20140714up04.php",
"refsource": "CONFIRM",
"url": "http://cs.cybozu.co.jp/information/gr20140714up04.php"
},
{
"name": "JVNDB-2014-000077",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077"
},
{
"name": "JVN#75990997",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75990997/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-1993",
"datePublished": "2014-07-20T10:00:00",
"dateReserved": "2014-02-17T00:00:00",
"dateUpdated": "2024-08-06T09:58:16.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20772 (GCVE-0-2021-20772)
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:19",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20772",
"datePublished": "2021-08-18T05:36:20",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7803 (GCVE-0-2016-7803)
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- SQL Injection
Summary
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 3.0.0 to 4.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via \"MultiReport\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via \"MultiReport\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9447",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7803",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1194 (GCVE-0-2016-1194)
Vulnerability from cvelistv5
Published
2017-04-21 14:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/8983"
},
{
"name": "JVNDB-2016-000080",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html"
},
{
"name": "JVN#26298347",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN26298347/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/8983"
},
{
"name": "JVNDB-2016-000080",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html"
},
{
"name": "JVN#26298347",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN26298347/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/8983",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/8983"
},
{
"name": "JVNDB-2016-000080",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html"
},
{
"name": "JVN#26298347",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN26298347/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1194",
"datePublished": "2017-04-21T14:00:00",
"dateReserved": "2015-12-26T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}