All the vulnerabilites related to Cybozu, Inc. - Cybozu Garoon
cve-2017-2146
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9702 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN43534286/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9702",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9702"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2146",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31403
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-08-02 01:52
Severity
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:43:35.558730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:49:23.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:01.971Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31403",
"datePublished": "2024-06-11T04:27:01.971Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-08-02T01:52:56.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5941
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35489/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35489/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application \u0027Multi Report\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35489/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application \u0027Multi Report\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35489/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35489/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5941",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29484
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity
Summary
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:33",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29484",
"datePublished": "2022-07-04T06:56:33",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5946
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35492/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35492/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35492/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35492/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35492/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5946",
"datePublished": "2019-05-17T15:25:56",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20775
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20775",
"datePublished": "2021-08-18T05:36:24",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28713
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity
Summary
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:12",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28713",
"datePublished": "2022-07-04T06:56:12",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20770
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:16",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20770",
"datePublished": "2021-08-18T05:36:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30602
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 06:56
Severity
Summary
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007682.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN14077132/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:22",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30602",
"datePublished": "2022-07-11T00:40:22",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T06:56:12.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26051
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 04:56
Severity
Summary
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:34",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26051",
"datePublished": "2022-07-04T06:55:34",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29892
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:33
Severity
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29892",
"datePublished": "2022-07-04T06:56:42",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31400
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-08-02 01:52
Severity
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:46:12.890944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T15:46:25.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:31.583Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31400",
"datePublished": "2024-06-11T04:26:31.583Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2257
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9765 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN63564682/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9765",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9765"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2257",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4906
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94969 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9511 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN12281353/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via \"Messages\" function of Cybozu Garoon Keitai."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94969"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via \"Messages\" function of Cybozu Garoon Keitai."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94969"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9511",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9511"
},
{
"name": "JVN#12281353",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN12281353/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4906",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29467
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity
Summary
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:22",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29467",
"datePublished": "2022-07-04T06:56:22",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4909
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity
Summary
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94973 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/97911 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9459 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN15222211/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94973",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94973",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97911"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94973"
},
{
"name": "97911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97911"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9459",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9459"
},
{
"name": "JVN#15222211",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15222211/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4909",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0530
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9326 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9326",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9326"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0530",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4910
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14631222/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/9461 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94966 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators\u0027 MultiReport filters via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators\u0027 MultiReport filters via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9461",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9461"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4910",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31472
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 07:19
Severity
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:06.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:25",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-31472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-31472",
"datePublished": "2022-07-11T00:40:25",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-08-03T07:19:06.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5583
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36408/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36408/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report\u0027s data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36408/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report\u0027s data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36408/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36408/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5583",
"datePublished": "2020-06-30T10:20:42",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5580
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36391 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36391"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:40",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36391"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36391",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36391"
},
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5580",
"datePublished": "2020-06-30T10:20:40",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5581
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36393 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36393"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36393"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36393",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36393"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5581",
"datePublished": "2020-06-30T10:20:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5587
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36409/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36409/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36409/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36409/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36409/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5587",
"datePublished": "2020-06-30T10:20:44",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27384
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:09
Severity
Summary
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27384",
"datePublished": "2023-05-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T12:09:43.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2255
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9746 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN63564682/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.7.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Space\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T14:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.7.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Space\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9746",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9746"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2255",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:04.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31404
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-08-02 01:52
Severity
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:03.808702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:22:13.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.5.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:07.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31404",
"datePublished": "2024-06-11T04:27:07.608Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-08-02T01:52:56.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0607
Vulnerability from cvelistv5
Published
2018-07-26 17:00
Modified
2024-08-05 03:28
Severity
Summary
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN13415512/index.html | third-party-advisory, x_refsource_JVN |
| https://kb.cybozu.support/article/33120/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#13415512",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/33120/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.2"
}
]
}
],
"datePublic": "2018-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-26T16:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#13415512",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.cybozu.support/article/33120/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#13415512",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13415512/index.html"
},
{
"name": "https://kb.cybozu.support/article/33120/",
"refsource": "CONFIRM",
"url": "https://kb.cybozu.support/article/33120/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0607",
"datePublished": "2018-07-26T17:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31401
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-08-02 01:52
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "5.12.2",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:53:11.132057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:53:43.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:53.806Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31401",
"datePublished": "2024-06-11T04:26:53.806Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5933
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35307/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35307/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application \u0027Bulletin\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35307/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application \u0027Bulletin\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35307/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35307/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5933",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20763
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20763",
"datePublished": "2021-08-18T05:36:05",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29513
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29513",
"datePublished": "2022-07-04T06:56:38",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0531
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9349 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9349",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9349"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0531",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2094
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9655 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the \"MultiReport\" function to alter or delete information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the \"MultiReport\" function to alter or delete information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9655",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9655"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2094",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5939
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35495/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35495/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35495/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35495/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35495/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5939",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20755
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Viewing restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:52",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Viewing restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20755",
"datePublished": "2021-08-18T05:35:53",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2095
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9660 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9660",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9660"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2095",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5588
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36410/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36410/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36410/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36410/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36410/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5588",
"datePublished": "2020-06-30T10:20:44",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0532
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9378 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9378",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0532",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16178
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity
Summary
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN25385698/index.html | third-party-advisory, x_refsource_JVN |
| https://kb.cybozu.support/article/35265 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#25385698",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35265"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.10.0"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#25385698",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35265"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#25385698",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25385698/index.html"
},
{
"name": "https://kb.cybozu.support/article/35265",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35265"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16178",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2254
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity
Summary
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9751 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN63564682/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu\u0027s edit function via specially crafted input"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu\u0027s edit function via specially crafted input"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9751",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9751"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2254",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27661
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity
Summary
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27661",
"datePublished": "2022-07-04T06:55:56",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5932
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/34276/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34276/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34276/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Portal\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34276/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34276/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5932",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5929
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/34277/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34277/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Memo\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34277/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Memo\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34277/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34277/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5929",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4908
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14631222/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/97912 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/bid/94966 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9399 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user\u0027s private RSS settings via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user\u0027s private RSS settings via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "97912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97912"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9399",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4908",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20766
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:10",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20766",
"datePublished": "2021-08-18T05:36:10",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20759
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20759",
"datePublished": "2021-08-18T05:35:59",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5943
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35486/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35486/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application \u0027Bulletin\u0027 and the application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35486/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application \u0027Bulletin\u0027 and the application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35486/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35486/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5943",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0551
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/10211 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.6.1"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.6.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10211",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10211"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0551",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5565
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36119/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application\u0027s data via the applications \u0027Workflow\u0027 and \u0027MultiReport\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application\u0027s data via the applications \u0027Workflow\u0027 and \u0027MultiReport\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36119/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5565",
"datePublished": "2020-04-28T03:15:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2256
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9744 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN63564682/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Memo\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T14:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via \"Rich text\" function of the application \"Memo\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9744",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9744"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2256",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5931
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/34283/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34283/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34283/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34283/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34283/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5931",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5586
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36453/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36453/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.3 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36453/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.3 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36453/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36453/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5586",
"datePublished": "2020-06-30T10:20:43",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0673
Vulnerability from cvelistv5
Published
2018-11-15 15:00
Modified
2024-08-05 03:35
Severity
Summary
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2018/006717.html | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN12583112/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.3"
}
]
}
],
"datePublic": "2018-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2018/006717.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2018/006717.html"
},
{
"name": "JVN#12583112",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN12583112/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0673",
"datePublished": "2018-11-15T15:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-27304
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:09
Severity
Summary
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27304",
"datePublished": "2023-05-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T12:09:43.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5928
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/34279/ | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34279/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34279/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/34279/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34279/"
},
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5928",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2090
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/9499 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9499"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9499"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9499",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9499"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2090",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20756
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Viewing restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Viewing restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20756",
"datePublished": "2021-08-18T05:35:54",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20773
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Vulnerability where information is deleted unintentionally",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Vulnerability where information is deleted unintentionally"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20773",
"datePublished": "2021-08-18T05:36:21",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5937
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35493/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35493/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35493/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35493/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35493/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5937",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0550
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/10056 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.5.0 to 4.6.1"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Cabinet\" via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-17T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.5.0 to 4.6.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Cabinet\" via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10056",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10056"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0550",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20767
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:12",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20767",
"datePublished": "2021-08-18T05:36:12",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20757
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20757",
"datePublished": "2021-08-18T05:35:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20765
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:08",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20765",
"datePublished": "2021-08-18T05:36:09",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5940
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35490/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35490/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Scheduler\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35490/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Scheduler\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35490/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35490/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5940",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5947
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35496/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35496/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:56",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35496/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35496/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35496/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5947",
"datePublished": "2019-05-17T15:25:56",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5643
Vulnerability from cvelistv5
Published
2020-11-06 02:06
Modified
2024-08-04 08:39
Severity
Summary
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36725/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN57942454/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36725/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T02:06:26",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36725/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36725/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36725/"
},
{
"name": "https://jvn.jp/en/jp/JVN57942454/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN57942454/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5643",
"datePublished": "2020-11-06T02:06:26",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28718
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity
Summary
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:17",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28718",
"datePublished": "2022-07-04T06:56:17",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29471
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:26
Severity
Summary
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.9.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29471",
"datePublished": "2022-07-04T06:56:28",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20760
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20760",
"datePublished": "2021-08-18T05:36:01",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20761
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20761",
"datePublished": "2021-08-18T05:36:02",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0549
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/10058 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.6.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.6.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/10058",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0549",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2093
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/9647 | x_refsource_MISC |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9647",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9647"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2093",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5566
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36113/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36113/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application\u0027s data via the applications \u0027E-mail\u0027 and \u0027Messages\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36113/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application\u0027s data via the applications \u0027E-mail\u0027 and \u0027Messages\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36113/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36113/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5566",
"datePublished": "2020-04-28T03:15:30",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5935
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35497/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35497/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35497/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35497/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35497/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5935",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7801
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN14631222/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/94966 | vdb-entry, x_refsource_BID |
| https://support.cybozu.com/ja-jp/article/9437 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users\u0027 To-Dos via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#14631222",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94966"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users\u0027 To-Dos via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14631222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14631222/index.html"
},
{
"name": "94966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94966"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9437",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7801",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2091
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9570 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9570",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9570"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2091",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27803
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity
Summary
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27803",
"datePublished": "2022-07-04T06:55:59",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5978
Vulnerability from cvelistv5
Published
2019-09-12 15:58
Modified
2024-08-04 20:09
Severity
Summary
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN62618482/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35916 | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35916"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application \u0027Scheduler\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application \u0027Scheduler\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN62618482/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN62618482/index.html"
},
{
"name": "https://kb.cybozu.support/article/35916",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5978",
"datePublished": "2019-09-12T15:58:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5945
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35488/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users\u0027 credential information via the authentication of Cybozu Garoon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35488/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users\u0027 credential information via the authentication of Cybozu Garoon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35488/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35488/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5945",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5568
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36302/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36302/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications \u0027Messages\u0027 and \u0027Bulletin Board\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36302/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications \u0027Messages\u0027 and \u0027Bulletin Board\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36302/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36302/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5568",
"datePublished": "2020-04-28T03:15:31",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5936
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35484/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35484/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application \u0027Work Flow\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35484/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application \u0027Work Flow\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35484/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35484/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5936",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20769
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:15",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20769",
"datePublished": "2021-08-18T05:36:15",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5585
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36432/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36432/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36432/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36432/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36432/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5585",
"datePublished": "2020-06-30T10:20:43",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5584
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36433/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36433/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36433/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36433/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36433/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5584",
"datePublished": "2020-06-30T10:20:42",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20764
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:07",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20764",
"datePublished": "2021-08-18T05:36:07",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2144
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9648 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN43534286/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user\u0027s file through a specially crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user\u0027s file through a specially crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9648",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9648"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2144",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20754
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:51",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20754",
"datePublished": "2021-08-18T05:35:51",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26054
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 04:56
Severity
Summary
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26054",
"datePublished": "2022-07-04T06:55:39",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0548
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9886 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.0"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Space\" via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of \"Space\" via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9886",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9886"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0548",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27627
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:32
Severity
Summary
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.2 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Organization\u0027s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.2 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Organization\u0027s Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user\u0027s web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27627",
"datePublished": "2022-07-04T06:55:50",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0533
Vulnerability from cvelistv5
Published
2018-04-16 13:00
Modified
2024-08-05 03:28
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9375 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN65268217/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.6"
}
]
}
],
"datePublic": "2018-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.6"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9375",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9375"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0533",
"datePublished": "2018-04-16T13:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5564
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36116/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36116/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027E-mail\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36116/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application \u0027E-mail\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36116/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36116/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5564",
"datePublished": "2020-04-28T03:15:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2145
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity
Summary
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9695 | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN43534286/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.2.4"
}
]
}
],
"datePublic": "2017-07-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Session fixation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.2.4"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9695",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9695"
},
{
"name": "JVN#43534286",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43534286/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2145",
"datePublished": "2017-07-07T13:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31399
Vulnerability from cvelistv5
Published
2024-06-11 05:34
Modified
2024-08-02 01:52
Severity
Summary
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:21:30.661944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:21:43.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:34:34.564Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31399",
"datePublished": "2024-06-11T05:34:34.564Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26368
Vulnerability from cvelistv5
Published
2022-07-04 06:55
Modified
2024-08-03 05:03
Severity
Summary
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:55:44",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26368",
"datePublished": "2022-07-04T06:55:44",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29512
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 06:26
Severity
Summary
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007682.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN14077132/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29512",
"datePublished": "2022-07-11T00:40:21",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30943
Vulnerability from cvelistv5
Published
2022-07-11 00:40
Modified
2024-08-03 07:03
Severity
Summary
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007682.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN14077132/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T00:40:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.9.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007682.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007682.html"
},
{
"name": "https://jvn.jp/en/jp/JVN14077132/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN14077132/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30943",
"datePublished": "2022-07-11T00:40:24",
"dateReserved": "2022-06-02T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5930
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/34227/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/34227/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application \u0027Management of Basic System\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:54",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/34227/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application \u0027Management of Basic System\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/34227/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/34227/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5930",
"datePublished": "2019-05-17T15:25:54",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20758
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:57",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20758",
"datePublished": "2021-08-18T05:35:57",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28692
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 06:03
Severity
Summary
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:09",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28692",
"datePublished": "2022-07-04T06:56:09",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:03:52.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20772
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:19",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20772",
"datePublished": "2021-08-18T05:36:20",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2258
Vulnerability from cvelistv5
Published
2017-08-28 20:00
Modified
2024-08-05 13:48
Severity
Summary
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9846 | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN63564682/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.2.4 to 4.2.5"
}
]
}
],
"datePublic": "2017-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API \"WorkflowHandleApplications\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.2.4 to 4.2.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API \"WorkflowHandleApplications\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9846",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9846"
},
{
"name": "JVN#63564682",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN63564682/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2258",
"datePublished": "2017-08-28T20:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5562
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36304 | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36304"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 4.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36304"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 4.6.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36304",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36304"
},
{
"name": "https://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN58849431/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5562",
"datePublished": "2020-04-28T03:15:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31397
Vulnerability from cvelistv5
Published
2024-06-11 05:34
Modified
2024-08-02 01:52
Severity
Summary
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:30:54.740623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-231",
"description": "CWE-231 Improper Handling of Extra Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:31:56.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Handling of Extra Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:34:39.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31397",
"datePublished": "2024-06-11T05:34:39.924Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5582
Vulnerability from cvelistv5
Published
2020-06-30 10:20
Modified
2024-08-04 08:30
Severity
Summary
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN55497111/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36455/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36455/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-30T10:20:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36455/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN55497111/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN55497111/index.html"
},
{
"name": "https://kb.cybozu.support/article/36455/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36455/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5582",
"datePublished": "2020-06-30T10:20:41",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26595
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 11:53
Severity
Summary
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-26595",
"datePublished": "2023-05-23T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T11:53:54.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5567
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
References
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/36114/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36114/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:30",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36114/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
},
{
"name": "https://kb.cybozu.support/article/36114/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36114/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5567",
"datePublished": "2020-04-28T03:15:30",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20762
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:04",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20762",
"datePublished": "2021-08-18T05:36:04",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31402
Vulnerability from cvelistv5
Published
2024-06-11 05:21
Modified
2024-08-14 19:58
Severity
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:58:25.261394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T19:58:39.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:21:04.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31402",
"datePublished": "2024-06-11T05:21:04.938Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-08-14T19:58:39.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4907
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 00:46
Severity
Summary
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9441 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94965 | vdb-entry, x_refsource_BID |
| https://jvn.jp/en/jp/JVN13218253/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:39.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9441",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9441"
},
{
"name": "94965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94965"
},
{
"name": "JVN#13218253",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN13218253/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4907",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:39.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5944
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35487/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35487/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35487/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application \u0027Address\u0027 without modify privileges via the application \u0027Address\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35487/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35487/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5944",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5934
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35306/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35306/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application \u0027logging\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35306/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application \u0027logging\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35306/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35306/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5934",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31398
Vulnerability from cvelistv5
Published
2024-06-11 05:20
Modified
2024-08-02 01:52
Severity
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:54:10.200588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:54:17.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:20:51.967Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31398",
"datePublished": "2024-06-11T05:20:51.967Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27807
Vulnerability from cvelistv5
Published
2022-07-04 06:56
Modified
2024-08-03 05:33
Severity
Summary
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2022/007429.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73897863/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:33:00.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T06:56:04",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007429.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007429.html"
},
{
"name": "https://jvn.jp/en/jp/JVN73897863/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73897863/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27807",
"datePublished": "2022-07-04T06:56:04",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T05:33:00.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5563
Vulnerability from cvelistv5
Published
2020-04-28 03:15
Modified
2024-08-04 08:30
Severity
Summary
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
References
| URL | Tags |
|---|---|
| https://kb.cybozu.support/article/36118/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN35649781/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/36118/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-28T03:15:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/36118/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.cybozu.support/article/36118/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/36118/"
},
{
"name": "https://jvn.jp/en/jp/JVN35649781/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN35649781/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5563",
"datePublished": "2020-04-28T03:15:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20753
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:35:49",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20753",
"datePublished": "2021-08-18T05:35:49",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5938
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35494/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35494/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Mail\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35494/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application \u0027Mail\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35494/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35494/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5938",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-5942
Vulnerability from cvelistv5
Published
2019-05-17 15:25
Modified
2024-08-04 20:09
Severity
Summary
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
References
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN58849431/index.html | x_refsource_MISC |
| https://kb.cybozu.support/article/35485/ | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.cybozu.support/article/35485/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-17T15:25:55",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.cybozu.support/article/35485/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 4.10.1"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application \u0027Cabinet\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN58849431/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN58849431/index.html"
},
{
"name": "https://kb.cybozu.support/article/35485/",
"refsource": "MISC",
"url": "https://kb.cybozu.support/article/35485/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5942",
"datePublished": "2019-05-17T15:25:55",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-2092
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity
Summary
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://support.cybozu.com/ja-jp/article/9555 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN73182875/index.html | third-party-advisory, x_refsource_JVN |
| http://www.securityfocus.com/bid/96429 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.3"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9555",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2092",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:39:32.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20768
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Operational restrictions bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:13",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.0.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Operational restrictions bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20768",
"datePublished": "2021-08-18T05:36:13",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39457
Vulnerability from cvelistv5
Published
2024-07-19 08:36
Modified
2024-08-02 04:26
Severity
Summary
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:47:27.038484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T16:47:46.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "6.0.0 to 6.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:36:27.786Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39457",
"datePublished": "2024-07-19T08:36:27.786Z",
"dateReserved": "2024-06-25T06:24:51.487Z",
"dateUpdated": "2024-08-02T04:26:14.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20771
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T09:15:10",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20771",
"datePublished": "2021-08-18T05:36:18",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20774
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity
Summary
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags |
|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 5.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T05:36:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.0.0 to 5.5.0"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2021/007206.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2021/007206.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54794245/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54794245/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20774",
"datePublished": "2021-08-18T05:36:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7803
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity
Summary
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94974 | vdb-entry, x_refsource_BID |
| https://jvn.jp/en/jp/JVN17980240/index.html | third-party-advisory, x_refsource_JVN |
| https://support.cybozu.com/ja-jp/article/9447 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 4.2.2"
}
]
}
],
"datePublic": "2016-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via \"MultiReport\" function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "94974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 4.2.2"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via \"MultiReport\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94974"
},
{
"name": "JVN#17980240",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN17980240/index.html"
},
{
"name": "https://support.cybozu.com/ja-jp/article/9447",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9447"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7803",
"datePublished": "2017-06-09T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:04:56.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2014-000043
Vulnerability from jvndb
Published
2014-04-30 15:08
Modified
2014-05-08 18:06
Summary
Cybozu Garoon API access restriction bypass vulnerability
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000043.html",
"dc:date": "2014-05-08T18:06+09:00",
"dcterms:issued": "2014-04-30T15:08+09:00",
"dcterms:modified": "2014-05-08T18:06+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability when using APIs.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000043.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000043",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN31230946/",
"@id": "JVN#31230946",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1989",
"@id": "CVE-2014-1989",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1989",
"@id": "CVE-2014-1989",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon API access restriction bypass vulnerability"
}
jvndb-2016-000083
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:05
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#49285177.
Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000083.html",
"dc:date": "2016-06-23T17:05+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:05+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#49285177.\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000083.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000083",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37121456/index.html",
"@id": "JVN#37121456",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1197",
"@id": "CVE-2016-1197",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1197",
"@id": "CVE-2016-1197",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2011-000044
Vulnerability from jvndb
Published
2011-06-24 19:15
Modified
2011-06-24 19:15
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000044.html",
"dc:date": "2011-06-24T19:15+09:00",
"dcterms:issued": "2011-06-24T19:15+09:00",
"dcterms:modified": "2011-06-24T19:15+09:00",
"description": "Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000044.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000044",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN59779256/index.html",
"@id": "JVN#59779256",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1332",
"@id": "CVE-2011-1332",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1332",
"@id": "CVE-2011-1332",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2017-000027
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000027.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:38+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000027.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000027",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2090",
"@id": "CVE-2017-2090",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2090",
"@id": "CVE-2017-2090",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2014-000023
Vulnerability from jvndb
Published
2014-02-26 15:22
Modified
2014-03-03 18:44
Summary
Cybozu Garoon vulnerable to directory traversal
Details
Cybozu Garoon contains a directory traversal vulnerability.
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000023.html",
"dc:date": "2014-03-03T18:44+09:00",
"dcterms:issued": "2014-02-26T15:22+09:00",
"dcterms:modified": "2014-03-03T18:44+09:00",
"description": "Cybozu Garoon contains a directory traversal vulnerability.\r\n\r\nCybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000023.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000023",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26393529/",
"@id": "JVN#26393529",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820",
"@id": "CVE-2014-0820",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0820",
"@id": "CVE-2014-0820",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Garoon vulnerable to directory traversal"
}
jvndb-2016-000147
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the "Messages" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability in the \"Messages\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000147.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000147",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN83568336/index.html",
"@id": "JVN#83568336",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1218",
"@id": "CVE-2016-1218",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1218",
"@id": "CVE-2016-1218",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2014-000010
Vulnerability from jvndb
Published
2014-01-28 14:40
Modified
2014-01-30 14:22
Summary
Multiple SQL injection vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon contains multiple SQL injection vulnerabilities.
Cybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection.
Note that this vulnerability is different from JVN#60997973.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000010.html",
"dc:date": "2014-01-30T14:22+09:00",
"dcterms:issued": "2014-01-28T14:40+09:00",
"dcterms:modified": "2014-01-30T14:22+09:00",
"description": "Cybozu Garoon contains multiple SQL injection vulnerabilities.\r\n\r\nCybozu Garoon contains issues in the process of page navigation link and input through API, which may result in SQL injection.\r\n\r\nNote that this vulnerability is different from JVN#60997973.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000010.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000010",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN91153528/index.html",
"@id": "JVN#91153528",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6930",
"@id": "CVE-2013-6930",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6931",
"@id": "CVE-2013-6931",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6930",
"@id": "CVE-2013-6930",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6931",
"@id": "CVE-2013-6931",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple SQL injection vulnerabilities in Cybozu Garoon"
}
jvndb-2019-000023
Vulnerability from jvndb
Published
2019-04-25 17:13
Modified
2023-11-08 16:39
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928
* Cross-site scripting in the application "Memo" (CWE-79) - CVE-2019-5929
* Browse restriction bypass in the application "Management of Basic System" (CWE-264) - CVE-2019-5930
* Improper verification of file path in installer (CWE-20) - CVE-2019-5931
* Stored cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5932
* Browse restriction bypass in the application "Bulletin" (CWE-284) - CVE-2019-5933
* SQL injection in the Log Search function of application "logging" (CWE-89) - CVE-2019-5934
* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935
* Directory traversal in the application "Work Flow" (CWE-22) - CVE-2019-5936
* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937
* Stored cross-site scripting in the application "Mail" (CWE-79) - CVE-2019-5938
* Cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5939
* Cross-site scripting in the application "Scheduler" (CWE-79) - CVE-2019-5940
* Operation restriction bypass in the application "Multi Report" (CWE-264) - CVE-2019-5941
* Browse restriction bypass in the Multiple Files Download function of application "Cabinet" (CWE-284) - CVE-2019-5942
* Browse restriction bypass in the application "Bulletin" and the application "Cabinet" (CWE-284) - CVE-2019-5943
* Operation restriction bypass in the application "Address" (CWE-264) - CVE-2019-5944
* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945
* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946
* Cross-site scripting in the application "Cabinet" (CWE-79) - CVE-2019-5947
* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562
Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.
* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa
* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai
* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
* CVE-2019-5943 by ixama
* CVE-2019-5944 by Tanghaifeng
* CVE-2020-5562 by Kanta Nishitani
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
"dc:date": "2023-11-08T16:39+09:00",
"dcterms:issued": "2019-04-25T17:13+09:00",
"dcterms:modified": "2023-11-08T16:39+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n* Cross-site scripting in the additional processing of Customize Item function (CWE-79) - CVE-2019-5928\r\n* Cross-site scripting in the application \"Memo\" (CWE-79) - CVE-2019-5929\r\n* Browse restriction bypass in the application \"Management of Basic System\" (CWE-264) - CVE-2019-5930\r\n* Improper verification of file path in installer (CWE-20) - CVE-2019-5931\r\n* Stored cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5932\r\n* Browse restriction bypass in the application \"Bulletin\" (CWE-284) - CVE-2019-5933\r\n* SQL injection in the Log Search function of application \"logging\" (CWE-89) - CVE-2019-5934\r\n* Operation restriction bypass in the Item function of User Information (CWE-264) - CVE-2019-5935\r\n* Directory traversal in the application \"Work Flow\" (CWE-22) - CVE-2019-5936\r\n* Cross-site scripting in the user information (CWE-79) - CVE-2019-5937\r\n* Stored cross-site scripting in the application \"Mail\" (CWE-79) - CVE-2019-5938\r\n* Cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5939\r\n* Cross-site scripting in the application \"Scheduler\" (CWE-79) - CVE-2019-5940\r\n* Operation restriction bypass in the application \"Multi Report\" (CWE-264) - CVE-2019-5941\r\n* Browse restriction bypass in the Multiple Files Download function of application \"Cabinet\" (CWE-284) - CVE-2019-5942\r\n* Browse restriction bypass in the application \"Bulletin\" and the application \"Cabinet\" (CWE-284) - CVE-2019-5943\r\n* Operation restriction bypass in the application \"Address\" (CWE-264) - CVE-2019-5944\r\n* Information disclosure in the authentication of Cybozu Garoon (CWE-287) - CVE-2019-5945\r\n* Open redirect in the Login Screen (CWE-601) - CVE-2019-5946\r\n* Cross-site scripting in the application \"Cabinet\" (CWE-79) - CVE-2019-5947\r\n* Server-side request forgery in the V-CUBE Meeting function (CWE-918) - CVE-2020-5562\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\n* CVE-2019-5928, CVE-2019-5930, CVE-2019-5931, CVE-2019-5932, CVE-2019-5935, CVE-2019-5936, CVE-2019-5942 and CVE-2019-5947 by Cybozu, Inc.\r\n* CVE-2019-5929, CVE-2019-5937, CVE-2019-5938, CVE-2019-5939 and CVE-2019-5940 by Masato Kinugawa\r\n* CVE-2019-5933, CVE-2019-5941 and CVE-2019-5946 by Yuji Tounai\r\n* CVE-2019-5934 and CVE-2019-5945 by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.\r\n* CVE-2019-5943 by ixama\r\n* CVE-2019-5944 by Tanghaifeng\r\n* CVE-2020-5562 by Kanta Nishitani",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000023.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000023",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN58849431/index.html",
"@id": "JVN#58849431",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2020-5562",
"@id": "CVE-2020-5562",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5928",
"@id": "CVE-2019-5928",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5929",
"@id": "CVE-2019-5929",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5930",
"@id": "CVE-2019-5930",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5931",
"@id": "CVE-2019-5931",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5932",
"@id": "CVE-2019-5932",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5933",
"@id": "CVE-2019-5933",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5934",
"@id": "CVE-2019-5934",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5935",
"@id": "CVE-2019-5935",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5936",
"@id": "CVE-2019-5936",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5937",
"@id": "CVE-2019-5937",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5938",
"@id": "CVE-2019-5938",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5939",
"@id": "CVE-2019-5939",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5940",
"@id": "CVE-2019-5940",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5941",
"@id": "CVE-2019-5941",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5942",
"@id": "CVE-2019-5942",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5943",
"@id": "CVE-2019-5943",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5944",
"@id": "CVE-2019-5944",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5945",
"@id": "CVE-2019-5945",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5946",
"@id": "CVE-2019-5946",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2019-5947",
"@id": "CVE-2019-5947",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5928",
"@id": "CVE-2019-5928",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5929",
"@id": "CVE-2019-5929",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5930",
"@id": "CVE-2019-5930",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5931",
"@id": "CVE-2019-5931",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5932",
"@id": "CVE-2019-5932",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5933",
"@id": "CVE-2019-5933",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5934",
"@id": "CVE-2019-5934",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5935",
"@id": "CVE-2019-5935",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5936",
"@id": "CVE-2019-5936",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5937",
"@id": "CVE-2019-5937",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5938",
"@id": "CVE-2019-5938",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5939",
"@id": "CVE-2019-5939",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5940",
"@id": "CVE-2019-5940",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5941",
"@id": "CVE-2019-5941",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5942",
"@id": "CVE-2019-5942",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5943",
"@id": "CVE-2019-5943",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5944",
"@id": "CVE-2019-5944",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5945",
"@id": "CVE-2019-5945",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5946",
"@id": "CVE-2019-5946",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5947",
"@id": "CVE-2019-5947",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5562",
"@id": "CVE-2020-5562",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2016-000084
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:09
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#37121456.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000084.html",
"dc:date": "2016-06-23T17:09+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:09+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#37121456.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000084.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000084",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49285177/index.html",
"@id": "JVN#49285177",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7775",
"@id": "CVE-2015-7775",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7775",
"@id": "CVE-2015-7775",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2011-000046
Vulnerability from jvndb
Published
2011-06-24 19:21
Modified
2011-06-24 19:21
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"dc:date": "2011-06-24T19:21+09:00",
"dcterms:issued": "2011-06-24T19:21+09:00",
"dcterms:modified": "2011-06-24T19:21+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the mail system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000046.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:collaborex",
"@product": "Cybozu Collaborex",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000046",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54074460",
"@id": "JVN#54074460",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1334",
"@id": "CVE-2011-1334",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2008-000035
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Summary
Cybozu Garoon vulnerable to arbitrary script execution
Details
Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed.
Yoshiki Kawada of LAC (Little eArth Corporation) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000035.html",
"dc:date": "2008-07-08T12:14+09:00",
"dcterms:issued": "2008-07-08T12:14+09:00",
"dcterms:modified": "2008-07-08T12:14+09:00",
"description": "Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed.\r\n\r\nYoshiki Kawada of LAC (Little eArth Corporation) reported this vulnerability to IPA. \r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000035.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000035",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN52363223/index.html",
"@id": "JVN#52363223",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6570",
"@id": "CVE-2008-6570",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6570",
"@id": "CVE-2008-6570",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30871/",
"@id": "SA30871",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/29981",
"@id": "29981",
"@source": "BID"
},
{
"#text": "http://osvdb.org/46564",
"@id": "46564",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000035.html",
"@id": "JVNDB-2008-000035",
"@source": "JVNDB_Ja"
}
],
"title": "Cybozu Garoon vulnerable to arbitrary script execution"
}
jvndb-2016-000095
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:49
Severity
Summary
Cybozu Garoon logging function vulnerable to directory traversal
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000095.html",
"dc:date": "2016-06-23T17:49+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:49+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000095.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000095",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14749391/index.html",
"@id": "JVN#14749391",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1192",
"@id": "CVE-2016-1192",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1192",
"@id": "CVE-2016-1192",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Garoon logging function vulnerable to directory traversal"
}
jvndb-2017-000028
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon fails to restrict access permission in the Phone Messages function
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function
Yuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000028.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:38+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the Phone Messages function\r\n\r\nYuji Tounai reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000028.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000028",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2091",
"@id": "CVE-2017-2091",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2091",
"@id": "CVE-2017-2091",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in the Phone Messages function"
}
jvndb-2016-000223
Vulnerability from jvndb
Published
2016-12-19 12:29
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon vulnerable to information disclosure
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability (CWE-200).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN13218253/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4907 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4907 |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000223.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T12:29+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability (CWE-200).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000223.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.1",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000223",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN13218253/index.html",
"@id": "JVN#13218253",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4907",
"@id": "CVE-2016-4907",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4907",
"@id": "CVE-2016-4907",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Garoon vulnerable to information disclosure"
}
jvndb-2018-000069
Vulnerability from jvndb
Published
2018-07-02 15:22
Modified
2019-07-05 17:55
Severity
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in application "Notifications".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000069.html",
"dc:date": "2019-07-05T17:55+09:00",
"dcterms:issued": "2018-07-02T15:22+09:00",
"dcterms:modified": "2019-07-05T17:55+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in application \"Notifications\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000069.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000069",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN13415512/index.html",
"@id": "JVN#13415512",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0607",
"@id": "CVE-2018-0607",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0607",
"@id": "CVE-2018-0607",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2013-000007
Vulnerability from jvndb
Published
2013-02-08 13:58
Modified
2013-02-08 13:58
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon contains an SQL injection vulnerability.
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000007.html",
"dc:date": "2013-02-08T13:58+09:00",
"dcterms:issued": "2013-02-08T13:58+09:00",
"dcterms:modified": "2013-02-08T13:58+09:00",
"description": "Cybozu Garoon contains an SQL injection vulnerability.\r\n\r\nCybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains an SQL injection vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000007.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN07629635/index.html",
"@id": "JVN#07629635",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0701",
"@id": "CVE-2013-0701",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0701",
"@id": "CVE-2013-0701",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2016-000222
Vulnerability from jvndb
Published
2016-12-19 12:22
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability (CWE-79) due to an issue in "Messages" function of Cybozu Garoon Keitai.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN12281353/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4906 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4906 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000222.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T12:22+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability (CWE-79) due to an issue in \"Messages\" function of Cybozu Garoon Keitai.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000222.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000222",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12281353/index.html",
"@id": "JVN#12281353",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4906",
"@id": "CVE-2016-4906",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4906",
"@id": "CVE-2016-4906",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2017-000029
Vulnerability from jvndb
Published
2017-02-20 15:38
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN73182875/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2092 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2092 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000029.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:38+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000029.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2092",
"@id": "CVE-2017-2092",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2092",
"@id": "CVE-2017-2092",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2015-000152
Vulnerability from jvndb
Published
2015-10-07 14:48
Modified
2016-06-02 19:15
Summary
Cybozu Garoon vulnerable to LDAP injection
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000152.html",
"dc:date": "2016-06-02T19:15+09:00",
"dcterms:issued": "2015-10-07T14:48+09:00",
"dcterms:modified": "2016-06-02T19:15+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an issue in processing authentication requests, which may result in an LDAP injection vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000152.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:C/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000152",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN38369032/index.html",
"@id": "JVN#38369032",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5649",
"@id": "CVE-2015-5649",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5649",
"@id": "CVE-2015-5649",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20151007-jvn.html",
"@id": "Security Alert for Vulnerability in Cybozu Garoon (JVN#38369032)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Cybozu Garoon vulnerable to LDAP injection"
}
jvndb-2016-000080
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2017-05-23 16:23
Severity
Summary
Cybozu Garoon vulnerable to denial-of-service (DoS)
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.
ixama reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN26298347/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1194 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1194 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html",
"dc:date": "2017-05-23T16:23+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2017-05-23T16:23+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.\r\n\r\nixama reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000080.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000080",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN26298347/index.html",
"@id": "JVN#26298347",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1194",
"@id": "CVE-2016-1194",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1194",
"@id": "CVE-2016-1194",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Garoon vulnerable to denial-of-service (DoS)"
}
jvndb-2016-000148
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
Cybozu Garoon vulnerable to authentication bypass
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an authentication bypass vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN89211736/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1219 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1219 |
| Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an authentication bypass vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000148.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "3.7",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000148",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN89211736/index.html",
"@id": "JVN#89211736",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1219",
"@id": "CVE-2016-1219",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1219",
"@id": "CVE-2016-1219",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Cybozu Garoon vulnerable to authentication bypass"
}
jvndb-2021-000073
Vulnerability from jvndb
Published
2021-08-02 16:42
Modified
2022-05-24 15:16
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775
CVE-2021-20753
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20760, CVE-2021-20761, CVE-2021-20767
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20771
Ren Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html",
"dc:date": "2022-05-24T15:16+09:00",
"dcterms:issued": "2021-08-02T16:42+09:00",
"dcterms:modified": "2022-05-24T15:16+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753\r\n* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754\r\n* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755\r\n* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756\r\n* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757\r\n* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758\r\n* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759\r\n* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760\r\n* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761\r\n* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762\r\n* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763\r\n* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764\r\n* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765\r\n* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766\r\n* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767\r\n* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768\r\n* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769\r\n* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770\r\n* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771\r\n* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772\r\n* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773\r\n* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774\r\n* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775\r\n\r\nCVE-2021-20753\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20760, CVE-2021-20761, CVE-2021-20767\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20771\r\nRen Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000073",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54794245/index.html",
"@id": "JVN#54794245",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20753",
"@id": "CVE-2021-20753",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20754",
"@id": "CVE-2021-20754",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20755",
"@id": "CVE-2021-20755",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20756",
"@id": "CVE-2021-20756",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20757",
"@id": "CVE-2021-20757",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20758",
"@id": "CVE-2021-20758",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20759",
"@id": "CVE-2021-20759",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20760",
"@id": "CVE-2021-20760",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20761",
"@id": "CVE-2021-20761",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20762",
"@id": "CVE-2021-20762",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20763",
"@id": "CVE-2021-20763",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20764",
"@id": "CVE-2021-20764",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20765",
"@id": "CVE-2021-20765",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20766",
"@id": "CVE-2021-20766",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20767",
"@id": "CVE-2021-20767",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20768",
"@id": "CVE-2021-20768",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20769",
"@id": "CVE-2021-20769",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20770",
"@id": "CVE-2021-20770",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20771",
"@id": "CVE-2021-20771",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20772",
"@id": "CVE-2021-20772",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20773",
"@id": "CVE-2021-20773",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20774",
"@id": "CVE-2021-20774",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20775",
"@id": "CVE-2021-20775",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20753",
"@id": "CVE-2021-20753",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20754",
"@id": "CVE-2021-20754",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20755",
"@id": "CVE-2021-20755",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20756",
"@id": "CVE-2021-20756",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20757",
"@id": "CVE-2021-20757",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20758",
"@id": "CVE-2021-20758",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20759",
"@id": "CVE-2021-20759",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20760",
"@id": "CVE-2021-20760",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20761",
"@id": "CVE-2021-20761",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20762",
"@id": "CVE-2021-20762",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20763",
"@id": "CVE-2021-20763",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20766",
"@id": "CVE-2021-20766",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20767",
"@id": "CVE-2021-20767",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20768",
"@id": "CVE-2021-20768",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20769",
"@id": "CVE-2021-20769",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20770",
"@id": "CVE-2021-20770",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20771",
"@id": "CVE-2021-20771",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20772",
"@id": "CVE-2021-20772",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20773",
"@id": "CVE-2021-20773",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20774",
"@id": "CVE-2021-20774",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20775",
"@id": "CVE-2021-20775",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20764",
"@id": "CVE-2021-20764",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20765",
"@id": "CVE-2021-20765",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2016-000225
Vulnerability from jvndb
Published
2016-12-19 14:32
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon fails to restrict access permission in MultiReport filters
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000225.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T14:32+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in MultiReport filters.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000225.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000225",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
"@id": "JVN#14631222",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4910",
"@id": "CVE-2016-4910",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4910",
"@id": "CVE-2016-4910",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in MultiReport filters"
}
jvndb-2014-000078
Vulnerability from jvndb
Published
2014-07-15 14:47
Modified
2014-07-23 11:01
Summary
Cybozu Garoon vulnerable to cross-site scritping
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Messages", which may result in a cross-site scripting vulnerability (CWE-79).
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000078.html",
"dc:date": "2014-07-23T11:01+09:00",
"dcterms:issued": "2014-07-15T14:47+09:00",
"dcterms:modified": "2014-07-23T11:01+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function \"Messages\", which may result in a cross-site scripting vulnerability (CWE-79).",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000078.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000078",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN94838679/index.html",
"@id": "JVN#94838679",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1992",
"@id": "CVE-2014-1992",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1992",
"@id": "CVE-2014-1992",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scritping"
}
jvndb-2023-000049
Vulnerability from jvndb
Published
2023-05-15 14:29
Modified
2024-05-24 15:26
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595
* [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304
* [CyVDB-3165] Operation restriction bypass vulnerability in MultiReport (CWE-284) - CVE-2023-27384
CVE-2023-27384
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2023-26595, CVE-2023-27304
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000049.html",
"dc:date": "2024-05-24T15:26+09:00",
"dcterms:issued": "2023-05-15T14:29+09:00",
"dcterms:modified": "2024-05-24T15:26+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n * [CyVDB-3122] Denial-of-service (DoS) in Message (CWE-400) - CVE-2023-26595\r\n * [CyVDB-3142] Operation restriction bypass vulnerability in Message and Bulletin (CWE-285) - CVE-2023-27304\r\n * [CyVDB-3165] Operation restriction bypass vulnerability in MultiReport (CWE-284) - CVE-2023-27384\r\n\r\nCVE-2023-27384\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2023-26595, CVE-2023-27304\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000049.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000049",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN41694426/index.html",
"@id": "JVN#41694426",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-26595",
"@id": "CVE-2023-26595",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27304",
"@id": "CVE-2023-27304",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27384",
"@id": "CVE-2023-27384",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-26595",
"@id": "CVE-2023-26595",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27304",
"@id": "CVE-2023-27304",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27384",
"@id": "CVE-2023-27384",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2017-000032
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon fails to restrict access permission in the mail function
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000032.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:40+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the mail function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000032.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000032",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2095",
"@id": "CVE-2017-2095",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2095",
"@id": "CVE-2017-2095",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in the mail function"
}
jvndb-2024-000072
Vulnerability from jvndb
Published
2024-07-16 16:14
Modified
2024-07-16 16:14
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview (CWE-79).
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN74825766/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-39457 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000072.html",
"dc:date": "2024-07-16T16:14+09:00",
"dcterms:issued": "2024-07-16T16:14+09:00",
"dcterms:modified": "2024-07-16T16:14+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in PDF preview (CWE-79).\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000072.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.4",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000072",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN74825766/index.html",
"@id": "JVN#74825766",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39457",
"@id": "CVE-2024-39457",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2014-000076
Vulnerability from jvndb
Published
2014-07-15 14:46
Modified
2014-07-23 11:01
Summary
Cybozu Garoon vulnerable to cross-site scritping
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability (CWE-79).
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000076.html",
"dc:date": "2014-07-23T11:01+09:00",
"dcterms:issued": "2014-07-15T14:46+09:00",
"dcterms:modified": "2014-07-23T11:01+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function \"Notices portlet\", which may result in a cross-site scripting vulnerability (CWE-79).",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000076.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000076",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80583739/index.html",
"@id": "JVN#80583739",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1994",
"@id": "CVE-2014-1994",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1994",
"@id": "CVE-2014-1994",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scritping"
}
jvndb-2016-000149
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
Cybozu Garoon fails to restrict access permissions
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon fails to restrict access permissions in the error page.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon fails to restrict access permissions in the error page.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000149.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000149",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93411577/index.html",
"@id": "JVN#93411577",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1220",
"@id": "CVE-2016-1220",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1220",
"@id": "CVE-2016-1220",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permissions"
}
jvndb-2016-000094
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-28 17:01
Severity
Summary
Cybozu Garoon function "MultiReport" vulnerable to access restriction bypass
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "MultiReport".
Yuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html",
"dc:date": "2016-06-28T17:01+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-28T17:01+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function \"MultiReport\".\r\n\r\nYuji Tounai of NTT Com Security (Japan) KK reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000094.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000094",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN18975349/index.html",
"@id": "JVN#18975349",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1190",
"@id": "CVE-2016-1190",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1190",
"@id": "CVE-2016-1190",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon function \"MultiReport\" vulnerable to access restriction bypass"
}
jvndb-2016-000224
Vulnerability from jvndb
Published
2016-12-19 14:29
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon fails to restrict access permission in the RSS settings
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000224.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T14:29+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in the RSS settings.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000224.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000224",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
"@id": "JVN#14631222",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=VE-2016-4908",
"@id": "CVE-2016-4908",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4908",
"@id": "CVE-2016-4908",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in the RSS settings"
}
jvndb-2018-000130
Vulnerability from jvndb
Published
2018-12-10 14:14
Modified
2019-08-27 16:54
Severity
Summary
Cybozu Garoon access restriction bypass vulnerability
Details
Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability (CWE-284).
Kanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000130.html",
"dc:date": "2019-08-27T16:54+09:00",
"dcterms:issued": "2018-12-10T14:14+09:00",
"dcterms:modified": "2019-08-27T16:54+09:00",
"description": "Single sign-on function of Cybozu Garoon provided by Cybozu, Inc. contains a restriction bypass vulnerability (CWE-284).\r\n\r\nKanta Nishitani reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000130.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000130",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25385698/index.html",
"@id": "JVN#25385698",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16178",
"@id": "CVE-2018-16178",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16178",
"@id": "CVE-2018-16178",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon access restriction bypass vulnerability"
}
jvndb-2008-000033
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Summary
Multiple Cybozu products vulnerable to cross-site request forgery
Details
Multiple Cybozu products contain a cross-site request forgery vulnerability.
Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"dc:date": "2008-07-08T12:14+09:00",
"dcterms:issued": "2008-07-08T12:14+09:00",
"dcterms:modified": "2008-07-08T12:14+09:00",
"description": "Multiple Cybozu products contain a cross-site request forgery vulnerability.\r\n\r\nDaiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000033.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dezie",
"@product": "Cybozu Dezie",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18405927/index.html",
"@id": "JVN#18405927",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6744",
"@id": "CVE-2008-6744",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30882",
"@id": "SA30882",
"@source": "SECUNIA"
},
{
"#text": "http://osvdb.org/46575",
"@id": "46575",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html",
"@id": "JVNDB-2008-000033",
"@source": "JVNDB_Ja"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site request forgery"
}
jvndb-2016-000145
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
"New appointment" function in Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. "New appointment" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN67595539/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1216 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1216 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. \"New appointment\" function in Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000145.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000145",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67595539/index.html",
"@id": "JVN#67595539",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1216",
"@id": "CVE-2016-1216",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1216",
"@id": "CVE-2016-1216",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"New appointment\" function in Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2006-000649
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu Office 6 information disclosure vulnerability
Details
A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.
Cybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "A vulnerability exists in Cybozu Office 6 allowing the disclosure of registered users or groups information.\r\n\r\nCybozu Office 6 provides several login methods. One of the methods, meant to be used in the Internet, allows direct entry of a username. However, even when this method is used, information of registered users and groups could be obtained by an attacker.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000649.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:ag_pocket",
"@product": "Cybozu AG Pocket",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:cybozu_ag",
"@product": "Cybozu AG",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:share360",
"@product": "Cybozu Share360",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000649",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31125599/index.html",
"@id": "JVN#31125599",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4492",
"@id": "CVE-2006-4492",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4492",
"@id": "CVE-2006-4492",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21623",
"@id": "SA21623",
"@source": "SECUNIA"
},
{
"#text": "http://www.osvdb.org/28263",
"@id": "28263",
"@source": "OSVDB"
}
],
"title": "Cybozu Office 6 information disclosure vulnerability"
}
jvndb-2013-000125
Vulnerability from jvndb
Published
2013-12-25 12:22
Modified
2014-01-07 16:12
Summary
Cybozu Garoon Keitai vulnerable to authentication bypass
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000125.html",
"dc:date": "2014-01-07T16:12+09:00",
"dcterms:issued": "2013-12-25T12:22+09:00",
"dcterms:modified": "2014-01-07T16:12+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon Keitai contains an authentication bypass vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000125.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000125",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN81706478/index.html",
"@id": "JVN#81706478",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6006",
"@id": "CVE-2013-6006",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6006",
"@id": "CVE-2013-6006",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon Keitai vulnerable to authentication bypass"
}
jvndb-2016-000077
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-28 17:01
Severity
Summary
Cybozu Garoon mail function vulnerable to access restriction bypass
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000077.html",
"dc:date": "2016-06-28T17:01+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-28T17:01+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the mail function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000077.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000077",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN18975349/index.html",
"@id": "JVN#18975349",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1188",
"@id": "CVE-2016-1188",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1188",
"@id": "CVE-2016-1188",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon mail function vulnerable to access restriction bypass"
}
jvndb-2020-000042
Vulnerability from jvndb
Published
2020-06-29 16:17
Modified
2020-06-29 16:17
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu, Inc. has released security updates for Cybozu Garoon.
* [CyVDB-2083] Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580
* [CyVDB-2451] Path traversal vulnerability on the portal - CVE-2020-5581
* [CyVDB-2097] Vulnerability to bypass operation privileges on attachments - CVE-2020-5582
* [CyVDB-2289] Vulnerability in the Multi-Report to bypass view privileges - CVE-2020-5583
* [CyVDB-2305] Vulnerability to token-related information leakage - CVE-2020-5584
* [CyVDB-2308] Cross-site scripting vulnerability related to image asset functionality - CVE-2020-5585
* [CyVDB-2309] Cross-site scripting vulnerability in system configuration - CVE-2020-5586
* [CyVDB-2361] Vulnerability to token-related information leakage - CVE-2020-5587
* [CyVDB-2450] Path traversal vulnerability on the portal - CVE-2020-5588
Kanta Nishitani reported CVE-2020-5580 and CVE-2020-5584 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
Tanghaifeng reported CVE-2020-5582 and CVE-2020-5583 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
Yuji Tounai reported CVE-2020-5587 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Cybozu, Inc. reported CVE-2020-5581, CVE-2020-5585, CVE-2020-5586 and CVE-2020-5588 vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000042.html",
"dc:date": "2020-06-29T16:17+09:00",
"dcterms:issued": "2020-06-29T16:17+09:00",
"dcterms:modified": "2020-06-29T16:17+09:00",
"description": "Cybozu, Inc. has released security updates for Cybozu Garoon.\r\n\r\n* [CyVDB-2083] Vulnerability in Single sign-on settings to avoid viewing and operation privileges - CVE-2020-5580\r\n* [CyVDB-2451] Path traversal vulnerability on the portal - CVE-2020-5581\r\n* [CyVDB-2097] Vulnerability to bypass operation privileges on attachments - CVE-2020-5582\r\n* [CyVDB-2289] Vulnerability in the Multi-Report to bypass view privileges - CVE-2020-5583\r\n* [CyVDB-2305] Vulnerability to token-related information leakage - CVE-2020-5584\r\n* [CyVDB-2308] Cross-site scripting vulnerability related to image asset functionality - CVE-2020-5585\r\n* [CyVDB-2309] Cross-site scripting vulnerability in system configuration - CVE-2020-5586\r\n* [CyVDB-2361] Vulnerability to token-related information leakage - CVE-2020-5587\r\n* [CyVDB-2450] Path traversal vulnerability on the portal - CVE-2020-5588\r\n\r\n\r\nKanta Nishitani reported CVE-2020-5580 and CVE-2020-5584 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n Tanghaifeng reported CVE-2020-5582 and CVE-2020-5583 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\n Yuji Tounai reported CVE-2020-5587 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Cybozu, Inc. reported CVE-2020-5581, CVE-2020-5585, CVE-2020-5586 and CVE-2020-5588 vulnerabilities to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000042.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "8.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000042",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55497111/index.html",
"@id": "JVN#55497111",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5580",
"@id": "CVE-2020-5580",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5581",
"@id": "CVE-2020-5581",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5582",
"@id": "CVE-2020-5582",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5583",
"@id": "CVE-2020-5583",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5584",
"@id": "CVE-2020-5584",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5585",
"@id": "CVE-2020-5585",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5586",
"@id": "CVE-2020-5586",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5587",
"@id": "CVE-2020-5587",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5588",
"@id": "CVE-2020-5588",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5580",
"@id": "CVE-2020-5580",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5581",
"@id": "CVE-2020-5581",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5582",
"@id": "CVE-2020-5582",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5583",
"@id": "CVE-2020-5583",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5584",
"@id": "CVE-2020-5584",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5585",
"@id": "CVE-2020-5585",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5586",
"@id": "CVE-2020-5586",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5587",
"@id": "CVE-2020-5587",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5588",
"@id": "CVE-2020-5588",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2017-000031
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon fails to restrict access permission in Workflow and the function "MultiReport"
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function "MultiReport".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000031.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:40+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function \"MultiReport\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000031.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2094",
"@id": "CVE-2017-2094",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2094",
"@id": "CVE-2017-2094",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in Workflow and the function \"MultiReport\""
}
jvndb-2017-000157
Vulnerability from jvndb
Published
2017-07-03 15:23
Modified
2018-02-07 11:52
Severity
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN43534286/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2146 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2146 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000157.html",
"dc:date": "2018-02-07T11:52+09:00",
"dcterms:issued": "2017-07-03T15:23+09:00",
"dcterms:modified": "2018-02-07T11:52+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000157.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000157",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
"@id": "JVN#43534286",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2146",
"@id": "CVE-2017-2146",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2146",
"@id": "CVE-2017-2146",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2008-000034
Vulnerability from jvndb
Published
2008-07-08 12:14
Modified
2008-07-08 12:14
Summary
Cybozu Garoon session fixation vulnerability
Details
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability.
Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker.
Yoshihiro Ishikawa of LAC (Little eArth Corporation) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000034.html",
"dc:date": "2008-07-08T12:14+09:00",
"dcterms:issued": "2008-07-08T12:14+09:00",
"dcterms:modified": "2008-07-08T12:14+09:00",
"description": "Cybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability.\r\n\r\nCybozu Garoon, a groupware from Cybozu, contains a session fixation vulnerability which may allow an attacker to impersonate a user when the user logs into Cybozu Garoon using a session ID provided by the attacker.\r\n\r\nYoshihiro Ishikawa of LAC (Little eArth Corporation) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000034.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000034",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18700809/index.html",
"@id": "JVN#18700809",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6569",
"@id": "CVE-2008-6569",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6569",
"@id": "CVE-2008-6569",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30871/",
"@id": "SA30871",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/29981",
"@id": "29981",
"@source": "BID"
},
{
"#text": "http://osvdb.org/46564",
"@id": "46564",
"@source": "OSVDB"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html",
"@id": "JVNDB-2008-000034",
"@source": "JVNDB_Ja"
}
],
"title": "Cybozu Garoon session fixation vulnerability"
}
jvndb-2018-000099
Vulnerability from jvndb
Published
2018-09-10 14:01
Modified
2019-07-26 15:28
Severity
Summary
Cybozu Garoon vulnerable to directory traversal
Details
Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing of the session information.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000099.html",
"dc:date": "2019-07-26T15:28+09:00",
"dcterms:issued": "2018-09-10T14:01+09:00",
"dcterms:modified": "2019-07-26T15:28+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains a directory traversal vulnerability (CWE-22) due to a flaw in processing of the session information.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000099.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000099",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12583112/index.html",
"@id": "JVN#12583112",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0673",
"@id": "CVE-2018-0673",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0673",
"@id": "CVE-2018-0673",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Garoon vulnerable to directory traversal"
}
jvndb-2013-000117
Vulnerability from jvndb
Published
2013-12-03 13:51
Modified
2013-12-06 10:52
Summary
Cybozu Garoon vulnerable to session fixation
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000117.html",
"dc:date": "2013-12-06T10:52+09:00",
"dcterms:issued": "2013-12-03T13:51+09:00",
"dcterms:modified": "2013-12-06T10:52+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a session fixation vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000117.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000117",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN87729477/index.html",
"@id": "JVN#87729477",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6004",
"@id": "CVE-2013-6004",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6004",
"@id": "CVE-2013-6004",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon vulnerable to session fixation"
}
jvndb-2017-000202
Vulnerability from jvndb
Published
2017-08-21 14:30
Modified
2018-02-14 12:25
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* Denial-of-service (DoS) vulnerability in the application menu's edit function (CWE-20) - CVE-2017-2254
* Stored cross-site scripting in the "Rich text" function of the application "Space" (CWE-79) - CVE-2017-2255
* Stored cross-site scripting in the "Rich text" function of the application "Memo" (CWE-79) - CVE-2017-2256
* Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257
* Directory traversal in the Garoon SOAP API "WorkflowHandleApplications" (CWE-22) - CVE-2017-2258
Cybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.
Jun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000202.html",
"dc:date": "2018-02-14T12:25+09:00",
"dcterms:issued": "2017-08-21T14:30+09:00",
"dcterms:modified": "2018-02-14T12:25+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n\r\n * Denial-of-service (DoS) vulnerability in the application menu\u0027s edit function (CWE-20) - CVE-2017-2254 \r\n * Stored cross-site scripting in the \"Rich text\" function of the application \"Space\" (CWE-79) - CVE-2017-2255\r\n * Stored cross-site scripting in the \"Rich text\" function of the application \"Memo\" (CWE-79) - CVE-2017-2256 \r\n * Cross-site scripting in the mail function (CWE-79) - CVE-2017-2257 \r\n * Directory traversal in the Garoon SOAP API \"WorkflowHandleApplications\" (CWE-22) - CVE-2017-2258 \r\n\r\nCybozu, Inc. reported CVE-2017-2258 vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nJun Kokatsu reported CVE-2017-2254 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2017-2255, CVE-2017-2256 and CVE-2017-2257 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000202.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000202",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63564682/index.html",
"@id": "JVN#63564682",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2254",
"@id": "CVE-2017-2254",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2255",
"@id": "CVE-2017-2255",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2256",
"@id": "CVE-2017-2256",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2257",
"@id": "CVE-2017-2257",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2258",
"@id": "CVE-2017-2258",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2254",
"@id": "CVE-2017-2254",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2255",
"@id": "CVE-2017-2255",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2256",
"@id": "CVE-2017-2256",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2257",
"@id": "CVE-2017-2257",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2258",
"@id": "CVE-2017-2258",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2014-000021
Vulnerability from jvndb
Published
2014-02-26 15:21
Modified
2014-03-03 18:45
Summary
Cybozu Garoon vulnerable to session management
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000021.html",
"dc:date": "2014-03-03T18:45+09:00",
"dcterms:issued": "2014-02-26T15:21+09:00",
"dcterms:modified": "2014-03-03T18:45+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a vulnerability in session management.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000021.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000021",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24035499/",
"@id": "JVN#24035499",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0817",
"@id": "CVE-2014-0817",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0817",
"@id": "CVE-2014-0817",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon vulnerable to session management"
}
jvndb-2016-000078
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:40
Severity
Summary
Cybozu Garoon function "Files" vulnerable to directory traversal
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function "Files".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000078.html",
"dc:date": "2016-06-23T17:40+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:40+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the function \"Files\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000078.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000078",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14749391/index.html",
"@id": "JVN#14749391",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1191",
"@id": "CVE-2016-1191",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1191",
"@id": "CVE-2016-1191",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Garoon function \"Files\" vulnerable to directory traversal"
}
jvndb-2014-000074
Vulnerability from jvndb
Published
2014-07-15 14:45
Modified
2014-07-23 11:00
Summary
Cybozu Garoon 3 API access restriction bypass vulnerability
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000074.html",
"dc:date": "2014-07-23T11:00+09:00",
"dcterms:issued": "2014-07-15T14:45+09:00",
"dcterms:modified": "2014-07-23T11:00+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability (CWE-264) when using Garoon APIs.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000074.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000074",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31082531/index.html",
"@id": "JVN#31082531",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1996",
"@id": "CVE-2014-1996",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1996",
"@id": "CVE-2014-1996",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon 3 API access restriction bypass vulnerability"
}
jvndb-2016-000228
Vulnerability from jvndb
Published
2016-12-19 13:44
Modified
2017-11-27 17:11
Severity
Summary
Cybozu Garoon vulnerable to directory traversal
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability (CWE-22).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000228.html",
"dc:date": "2017-11-27T17:11+09:00",
"dcterms:issued": "2016-12-19T13:44+09:00",
"dcterms:modified": "2017-11-27T17:11+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability (CWE-22).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000228.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000228",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16200242/index.html",
"@id": "JVN#16200242",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7802",
"@id": "CVE-2016-7802",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7802",
"@id": "CVE-2016-7802",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Cybozu Garoon vulnerable to directory traversal"
}
jvndb-2016-000142
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
Cybozu Garoon vulnerable to open redirect
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the "Scheduler" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN67266823 |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1213 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1213 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000142.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an open redirect vulnerability in the \"Scheduler\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000142.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000142",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN67266823",
"@id": "JVN#67266823",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1213",
"@id": "CVE-2016-1213",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1213",
"@id": "CVE-2016-1213",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Garoon vulnerable to open redirect"
}
jvndb-2014-000075
Vulnerability from jvndb
Published
2014-07-15 14:45
Modified
2014-07-23 11:01
Summary
Cybozu Garoon vulnerable to cross-site scritping
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability (CWE-79).
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000075.html",
"dc:date": "2014-07-23T11:01+09:00",
"dcterms:issued": "2014-07-15T14:45+09:00",
"dcterms:modified": "2014-07-23T11:01+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function \"Map search\", which may result in a cross-site scripting vulnerability (CWE-79).",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000075.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000075",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN97558950/index.html",
"@id": "JVN#97558950",
"@source": "JVN"
},
{
"#text": "//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1995",
"@id": "CVE-2014-1995",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1995",
"@id": "CVE-2014-1995",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scritping"
}
jvndb-2016-000085
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:43
Severity
Summary
Cybozu Garoon fails to restrict access permissions
Details
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function.
Note that this vulnerability is different from JVN#33879831.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000085.html",
"dc:date": "2016-06-23T17:43+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:43+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the mail function.\r\n\r\nNote that this vulnerability is different from JVN#33879831.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000085.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000085",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN53542912/index.html",
"@id": "JVN#53542912",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7776",
"@id": "CVE-2015-7776",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7776",
"@id": "CVE-2015-7776",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Garoon fails to restrict access permissions"
}
jvndb-2020-000071
Vulnerability from jvndb
Published
2020-11-05 11:43
Modified
2021-08-02 11:08
Severity
Summary
Cybozu Garoon vulnerable to improper input validation
Details
Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN57942454/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5643 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2020-5643 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000071.html",
"dc:date": "2021-08-02T11:08+09:00",
"dcterms:issued": "2020-11-05T11:43+09:00",
"dcterms:modified": "2021-08-02T11:08+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains an improper input validation vulnerability (CWE-20).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000071.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000071",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN57942454/index.html",
"@id": "JVN#57942454",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5643",
"@id": "CVE-2020-5643",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5643",
"@id": "CVE-2020-5643",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Garoon vulnerable to improper input validation"
}
jvndb-2015-000151
Vulnerability from jvndb
Published
2015-10-07 14:48
Modified
2016-05-30 15:34
Summary
Multiple PHP code execution vulnerabilitles in Cybozu Garoon
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities.
* [CyVDB-863] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, [CyVDB-867] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code (CVE-2015-5646)
* [CyVDB-866] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code in RSS Reader function (CVE-2015-5647)
For more details, refer to the information provided by the developer.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000151.html",
"dc:date": "2016-05-30T15:34+09:00",
"dcterms:issued": "2015-10-07T14:48+09:00",
"dcterms:modified": "2016-05-30T15:34+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains multiple PHP code execution vulnerabilities.\r\n\r\n * [CyVDB-863] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code, [CyVDB-867] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code (CVE-2015-5646)\r\n * [CyVDB-866] Cybozu Garoon allows remote authenticated users to execute arbitrary PHP code in RSS Reader function (CVE-2015-5647)\r\n\r\nFor more details, refer to the information provided by the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000151.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000151",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN21025396/index.html",
"@id": "JVN#21025396",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5646",
"@id": "CVE-2015-5646",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5647",
"@id": "CVE-2015-5647",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5646",
"@id": "CVE-2015-5646",
"@source": "NVD"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5647",
"@id": "CVE-2015-5647",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20151007-jvn.html",
"@id": "Security Alert for Vulnerability in Cybozu Garoon (JVN#21025396)",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple PHP code execution vulnerabilitles in Cybozu Garoon"
}
jvndb-2019-000054
Vulnerability from jvndb
Published
2019-08-26 13:48
Modified
2019-10-08 16:48
Severity
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in the processing of Todo portlet.
Shoji Baba reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000054.html",
"dc:date": "2019-10-08T16:48+09:00",
"dcterms:issued": "2019-08-26T13:48+09:00",
"dcterms:modified": "2019-10-08T16:48+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains an SQL injection vulnerability (CWE-89) in the processing of Todo portlet.\r\n\r\nShoji Baba reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000054.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000054",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71877187/index.html",
"@id": "JVN#71877187",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5991",
"@id": "CVE-2019-5991",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5991",
"@id": "CVE-2019-5991",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2016-000093
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-28 17:01
Severity
Summary
Cybozu Garoon function "Portlets" vulnerable to access restriction bypass
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function "Portlets".
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000093.html",
"dc:date": "2016-06-28T17:01+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-28T17:01+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an access restriction bypass vulnerability in the function \"Portlets\".\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000093.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000093",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN18975349/index.html",
"@id": "JVN#18975349",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1189",
"@id": "CVE-2016-1189",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1189",
"@id": "CVE-2016-1189",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon function \"Portlets\" vulnerable to access restriction bypass"
}
jvndb-2016-000081
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:06
Severity
Summary
Cybozu Garoon vulnerable to open redirect
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability.
Jun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN32218514/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1195 |
| NVD | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1195 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000081.html",
"dc:date": "2016-06-23T17:06+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:06+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an open redirect vulnerability.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000081.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000081",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32218514/index.html",
"@id": "JVN#32218514",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1195",
"@id": "CVE-2016-1195",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1195",
"@id": "CVE-2016-1195",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Garoon vulnerable to open redirect"
}
jvndb-2016-000143
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
"Response request" function in Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN67595539/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1214 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1214 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. \"Response request\" function in Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000143.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000143",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67595539/index.html",
"@id": "JVN#67595539",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1214",
"@id": "CVE-2016-1214",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1214",
"@id": "CVE-2016-1214",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Response request\" function in Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2016-000144
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
"User details" function in Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. "User details" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN67595539/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1215 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1215 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. \"User details\" function in Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000144.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000144",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67595539/index.html",
"@id": "JVN#67595539",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1215",
"@id": "CVE-2016-1215",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1215",
"@id": "CVE-2016-1215",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"User details\" function in Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2007-000815
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#50342989.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000815.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dotsales",
"@product": "Cybozu Dotsales",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000815",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN90712589/index.html",
"@id": "JVN#90712589",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2013-000116
Vulnerability from jvndb
Published
2013-12-03 13:49
Modified
2013-12-06 10:50
Summary
Cybozu Garoon vulnerable to mail header injection
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN84221103/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6003 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6003 |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000116.html",
"dc:date": "2013-12-06T10:50+09:00",
"dcterms:issued": "2013-12-03T13:49+09:00",
"dcterms:modified": "2013-12-06T10:50+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a mail header injection vulnerability in the Phone Messages function.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000116.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000116",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84221103/index.html",
"@id": "JVN#84221103",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6003",
"@id": "CVE-2013-6003",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6003",
"@id": "CVE-2013-6003",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cybozu Garoon vulnerable to mail header injection"
}
jvndb-2007-000814
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to HTTP header injection
Details
Multiple Cybozu products are vulnerable to HTTP header injection.
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to HTTP header injection.\r\n\r\nMultiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000814.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000814",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN77730435/index.html",
"@id": "JVN#77730435",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to HTTP header injection"
}
jvndb-2013-000124
Vulnerability from jvndb
Published
2013-12-25 12:21
Modified
2014-01-07 19:22
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000124.html",
"dc:date": "2014-01-07T19:22+09:00",
"dcterms:issued": "2013-12-25T12:21+09:00",
"dcterms:modified": "2014-01-07T19:22+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in processing input through API, which may result in SQL injection.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000124.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000124",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN60997973/index.html",
"@id": "JVN#60997973",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6929",
"@id": "CVE-2013-6929",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6929",
"@id": "CVE-2013-6929",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2007-000813
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple Cybozu products are vulnerable to cross-site scripting.
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products are vulnerable to cross-site scripting.\r\n\r\nMultiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN#90712589.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000813.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:dotsales",
"@product": "Cybozu Dotsales",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000813",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN50342989/index.html",
"@id": "JVN#50342989",
"@source": "JVN"
},
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2019-000047
Vulnerability from jvndb
Published
2019-07-16 16:08
Modified
2019-10-08 17:19
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* DOM-based cross-site scripting in the application "Portal" (CWE-79) - CVE-2019-5975
* Denial-of-service (DoS) (CWE-20) - CVE-2019-5976
* Mail header injection in the application "E-mail" (CWE-74) - CVE-2019-5977
* Open redirect in the application "Scheduler" (CWE-601) - CVE-2019-5978
Masato Kinugawa reported CVE-2019-5975 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Kanta Nishitani reported CVE-2019-5976 and CVE-2019-5978 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Shuichi Uruma reported CVE-2019-5977 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000047.html",
"dc:date": "2019-10-08T17:19+09:00",
"dcterms:issued": "2019-07-16T16:08+09:00",
"dcterms:modified": "2019-10-08T17:19+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n* DOM-based cross-site scripting in the application \"Portal\" (CWE-79) - CVE-2019-5975 \r\n* Denial-of-service (DoS) (CWE-20) - CVE-2019-5976 \r\n* Mail header injection in the application \"E-mail\" (CWE-74) - CVE-2019-5977 \r\n* Open redirect in the application \"Scheduler\" (CWE-601) - CVE-2019-5978\r\n\r\n Masato Kinugawa reported CVE-2019-5975 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Kanta Nishitani reported CVE-2019-5976 and CVE-2019-5978 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n Shuichi Uruma reported CVE-2019-5977 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000047.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN62618482/index.html",
"@id": "JVN#62618482",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5975",
"@id": "CVE-2019-5975",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5976",
"@id": "CVE-2019-5976",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5977",
"@id": "CVE-2019-5977",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5978",
"@id": "CVE-2019-5978",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5975",
"@id": "CVE-2019-5975",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5976",
"@id": "CVE-2019-5976",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5977",
"@id": "CVE-2019-5977",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5978",
"@id": "CVE-2019-5978",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2024-000047
Vulnerability from jvndb
Published
2024-05-13 15:19
Modified
2024-05-13 15:19
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397
* [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398
* [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399
* [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401
* [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402
* [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400
* [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403
* [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404
CVE-2024-31401
@bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2024-31403
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
"dc:date": "2024-05-13T15:19+09:00",
"dcterms:issued": "2024-05-13T15:19+09:00",
"dcterms:modified": "2024-05-13T15:19+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-3167] Improper handling of data in Mail (CWE-231) - CVE-2024-31397\r\n* [CyVDB-3221] Improper restriction on the output of some API (CWE-201) - CVE-2024-31398\r\n* [CyVDB-3238] Excessive resource consumption in Mail (CWE-1050) - CVE-2024-31399\r\n* [CyVDB-3439] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2024-31401\r\n* [CyVDB-3441] Improper restriction on some operation in Shared To-Dos (CWE-863) - CVE-2024-31402\r\n* [CyVDB-3402] Information disclosure in Mail (CWE-201) - CVE-2024-31400\r\n* [CyVDB-3151] Improper restriction on browsing and operation in Memo (CWE-863) - CVE-2024-31403\r\n* [CyVDB-3471] Browse restriction bypass in Scheduler (CWE-201) - CVE-2024-31404\r\n\r\nCVE-2024-31401\r\n@bttthuan reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31403\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2024-31397, CVE-2024-31398, CVE-2024-31399, CVE-2024-31400, CVE-2024-31402, CVE-2024-31404\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000047.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000047",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN28869536/index.html",
"@id": "JVN#28869536",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31397",
"@id": "CVE-2024-31397",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31398",
"@id": "CVE-2024-31398",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31399",
"@id": "CVE-2024-31399",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31400",
"@id": "CVE-2024-31400",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31401",
"@id": "CVE-2024-31401",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31402",
"@id": "CVE-2024-31402",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31403",
"@id": "CVE-2024-31403",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-31404",
"@id": "CVE-2024-31404",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2017-000030
Vulnerability from jvndb
Published
2017-02-20 15:40
Modified
2017-06-01 15:05
Severity
Summary
Cybozu Garoon vulnerable to information disclosure
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN73182875/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2093 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2093 |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000030.html",
"dc:date": "2017-06-01T15:05+09:00",
"dcterms:issued": "2017-02-20T15:40+09:00",
"dcterms:modified": "2017-06-01T15:05+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an information disclosure vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000030.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000030",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73182875/index.html",
"@id": "JVN#73182875",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2093",
"@id": "CVE-2017-2093",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2093",
"@id": "CVE-2017-2093",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Garoon vulnerable to information disclosure"
}
jvndb-2017-000155
Vulnerability from jvndb
Published
2017-07-03 15:22
Modified
2018-02-14 11:54
Severity
Summary
Cybozu Garoon fails to restrict access permission
Details
Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction.
Jun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000155.html",
"dc:date": "2018-02-14T11:54+09:00",
"dcterms:issued": "2017-07-03T15:22+09:00",
"dcterms:modified": "2018-02-14T11:54+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains an improper access restriction.\r\n\r\nJun Kokatsu of KDDI Singapore Dubai Branch reported vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000155.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000155",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
"@id": "JVN#43534286",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2144",
"@id": "CVE-2017-2144",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2144",
"@id": "CVE-2017-2144",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission"
}
jvndb-2018-000031
Vulnerability from jvndb
Published
2018-04-09 14:27
Modified
2018-06-14 14:33
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* SQL injection in the application "Address" (CWE-89) - CVE-2018-0530
* Operation restriction bypass in the "Folder settings" (CWE-264) - CVE-2018-0531
* Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532
* Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533
* Browse restriction bypass in the application "Space" (CWE-264) - CVE-2018-0548
* Stored cross-site scripting in "Rich text" of the application "Message" (CWE-79) - CVE-2018-0549
* Browse restriction bypass in the application "Cabinet" (CWE-264) - CVE-2018-0550
* Stored cross-site scripting in "Rich text" of the application "Space" (CWE-79) - CVE-2018-0551
Cybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.
Jun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
ixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
Masato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000031.html",
"dc:date": "2018-06-14T14:33+09:00",
"dcterms:issued": "2018-04-09T14:27+09:00",
"dcterms:modified": "2018-06-14T14:33+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* SQL injection in the application \"Address\" (CWE-89) - CVE-2018-0530\r\n* Operation restriction bypass in the \"Folder settings\" (CWE-264) - CVE-2018-0531\r\n* Operation restriction bypass in the setting of Login authentication (CWE-264) - CVE-2018-0532\r\n* Operation restriction bypass in the setting of Session authentication (CWE-264) - CVE-2018-0533\r\n* Browse restriction bypass in the application \"Space\" (CWE-264) - CVE-2018-0548\r\n* Stored cross-site scripting in \"Rich text\" of the application \"Message\" (CWE-79) - CVE-2018-0549\r\n* Browse restriction bypass in the application \"Cabinet\" (CWE-264) - CVE-2018-0550\r\n* Stored cross-site scripting in \"Rich text\" of the application \"Space\" (CWE-79) - CVE-2018-0551\r\n\r\nCybozu, Inc. reported CVE-2018-0530, CVE-2018-0531, CVE-2018-0532, CVE-2018-0533 and CVE-2018-0548 vulnerabilities to JPCERT/CC to notify users of respective solutions through JVN.\r\n\r\nJun Kokatsu reported CVE-2018-0549 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nixama reported CVE-2018-0550 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nMasato Kinugawa reported CVE-2018-0551 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000031.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000031",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65268217/index.html",
"@id": "JVN#65268217",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0530",
"@id": "CVE-2018-0530",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0531",
"@id": "CVE-2018-0531",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0532",
"@id": "CVE-2018-0532",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0533",
"@id": "CVE-2018-0533",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0548",
"@id": "CVE-2018-0548",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0549",
"@id": "CVE-2018-0549",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0550",
"@id": "CVE-2018-0550",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0551",
"@id": "CVE-2018-0551",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0530",
"@id": "CVE-2018-0530",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0531",
"@id": "CVE-2018-0531",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0532",
"@id": "CVE-2018-0532",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0533",
"@id": "CVE-2018-0533",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0548",
"@id": "CVE-2018-0548",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0549",
"@id": "CVE-2018-0549",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0550",
"@id": "CVE-2018-0550",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0551",
"@id": "CVE-2018-0551",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2014-000042
Vulnerability from jvndb
Published
2014-04-30 15:14
Modified
2014-05-14 10:50
Summary
Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability in the Phone Messages function.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000042.html",
"dc:date": "2014-05-14T10:50+09:00",
"dcterms:issued": "2014-04-30T15:14+09:00",
"dcterms:modified": "2014-05-14T10:50+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability in the Phone Messages function.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000042.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000042",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN90519014/index.html",
"@id": "JVN#90519014",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1988",
"@id": "CVE-2014-1988",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1988",
"@id": "CVE-2014-1988",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Cybozu Garoon Phone Messages vulnerable to denial-of-service (DoS)"
}
jvndb-2006-000651
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cybozu products vulnerable to directory traversal
Details
Multiple Cybozu products contain a directory traversal vulnerability.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000651.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Multiple Cybozu products contain a directory traversal vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000651.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:ag_pocket",
"@product": "Cybozu AG Pocket",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:collaborex",
"@product": "Cybozu Collaborex",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:cybozu_ag",
"@product": "Cybozu AG",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:mailwise",
"@product": "Cybozu Mailwise",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2006-000651",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN90420168/index.html",
"@id": "JVN#90420168",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4491",
"@id": "CVE-2006-4491",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4491",
"@id": "CVE-2006-4491",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/21656",
"@id": "SA21656",
"@source": "SECUNIA"
},
{
"#text": "http://securitytracker.com/id?1016759",
"@id": "1016759",
"@source": "SECTRACK"
},
{
"#text": "http://www.osvdb.org/28262",
"@id": "28262",
"@source": "OSVDB"
}
],
"title": "Cybozu products vulnerable to directory traversal"
}
jvndb-2016-000146
Vulnerability from jvndb
Published
2016-08-22 15:16
Modified
2017-05-23 12:01
Severity
Summary
"Check available times" function in Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Check available times" function in Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN67595539/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1217 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-1217 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html",
"dc:date": "2017-05-23T12:01+09:00",
"dcterms:issued": "2016-08-22T15:16+09:00",
"dcterms:modified": "2017-05-23T12:01+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. \"Check available times\" function in Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000146.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000146",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67595539/index.html",
"@id": "JVN#67595539",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1217",
"@id": "CVE-2016-1217",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1217",
"@id": "CVE-2016-1217",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "\"Check available times\" function in Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2016-000229
Vulnerability from jvndb
Published
2016-12-19 14:19
Modified
2017-11-27 17:11
Severity
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability (CWE-89) due to an issue in "MultiReport" function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000229.html",
"dc:date": "2017-11-27T17:11+09:00",
"dcterms:issued": "2016-12-19T14:19+09:00",
"dcterms:modified": "2017-11-27T17:11+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an SQL injection vulnerability (CWE-89) due to an issue in \"MultiReport\" function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000229.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000229",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17980240/index.html",
"@id": "JVN#17980240",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7803",
"@id": "CVE-2016-7803",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7803",
"@id": "CVE-2016-7803",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2016-000082
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-23 17:35
Severity
Summary
Cybozu Garoon fails to restrict access permissions
Details
Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information.
Note that this vulnerability is different from JVN#53542912.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000082.html",
"dc:date": "2016-06-23T17:35+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-23T17:35+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information.\r\n\r\nNote that this vulnerability is different from JVN#53542912.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000082.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000082",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33879831/index.html",
"@id": "JVN#33879831",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1196",
"@id": "CVE-2016-1196",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1196",
"@id": "CVE-2016-1196",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permissions"
}
jvndb-2022-000035
Vulnerability from jvndb
Published
2022-05-16 14:25
Modified
2024-06-17 16:34
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718
* [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661
* [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892
* [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513
* [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471
* [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051
* [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692
* [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803
* [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368
* [CyVDB-2889] Cross-site scripting vulnerability in Organization's Information (CWE-79) - CVE-2022-27627
* [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054
* [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807
* [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467
* [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713
* [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484
* [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472
CVE-2022-27627
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2022-26054, CVE-2022-26368, CVE-2022-31472
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
"dc:date": "2024-06-17T16:34+09:00",
"dcterms:issued": "2022-05-16T14:25+09:00",
"dcterms:modified": "2024-06-17T16:34+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1584][CyVDB-2670] Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718\r\n* [CyVDB-1865][CyVDB-2692] Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661\r\n* [CyVDB-2660] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-29892\r\n* [CyVDB-2667] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2022-29513\r\n* [CyVDB-2685] Browse restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-29471\r\n* [CyVDB-2689] Operation restriction bypass vulnerability in Portal (CWE-285) - CVE-2022-26051\r\n* [CyVDB-2718] Improper input validation vulnerability in Scheduler (CWE-20) - CVE-2022-28692\r\n* [CyVDB-2839] Improper input validation vulnerability in Space (CWE-20) - CVE-2022-27803\r\n* [CyVDB-2841] Browse restriction bypass and operation restriction bypass vulnerability in Cabinet (CWE-285) - CVE-2022-26368\r\n* [CyVDB-2889] Cross-site scripting vulnerability in Organization\u0027s Information (CWE-79) - CVE-2022-27627\r\n* [CyVDB-2897] Operation restriction bypass vulnerability in Link (CWE-285) - CVE-2022-26054\r\n* [CyVDB-2906] Improper input validation vulnerability in Link (CWE-20) - CVE-2022-27807\r\n* [CyVDB-2932] Address information disclosure vulnerability (CWE-200) - CVE-2022-29467\r\n* [CyVDB-2940] Improper authentication vulnerability in Scheduler (CWE-287) - CVE-2022-28713\r\n* [CyVDB-3001] Operation restriction bypass vulnerability in Space (CWE-285) - CVE-2022-29484\r\n* [CyVDB-2911] Browse restriction bypass vulnerability in Cabinet (CWE-284) - CVE-2022-31472\r\n\r\nCVE-2022-27627\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-26054, CVE-2022-26368, CVE-2022-31472\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2022-26051, CVE-2022-27661, CVE-2022-27803, CVE-2022-27807, CVE-2022-28692, CVE-2022-28713, CVE-2022-28718, CVE-2022-29467, CVE-2022-29471, CVE-2022-29484, CVE-2022-29513, CVE-2022-29892\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000035.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000035",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN73897863/index.html",
"@id": "JVN#73897863",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26051",
"@id": "CVE-2022-26051",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26054",
"@id": "CVE-2022-26054",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26368",
"@id": "CVE-2022-26368",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27627",
"@id": "CVE-2022-27627",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27661",
"@id": "CVE-2022-27661",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27803",
"@id": "CVE-2022-27803",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27807",
"@id": "CVE-2022-27807",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28692",
"@id": "CVE-2022-28692",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28713",
"@id": "CVE-2022-28713",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28718",
"@id": "CVE-2022-28718",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29467",
"@id": "CVE-2022-29467",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29471",
"@id": "CVE-2022-29471",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29484",
"@id": "CVE-2022-29484",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29513",
"@id": "CVE-2022-29513",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29892",
"@id": "CVE-2022-29892",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-31472",
"@id": "CVE-2022-31472",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26051",
"@id": "CVE-2022-26051",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26054",
"@id": "CVE-2022-26054",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-26368",
"@id": "CVE-2022-26368",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27627",
"@id": "CVE-2022-27627",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27661",
"@id": "CVE-2022-27661",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27803",
"@id": "CVE-2022-27803",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-27807",
"@id": "CVE-2022-27807",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28692",
"@id": "CVE-2022-28692",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28713",
"@id": "CVE-2022-28713",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28718",
"@id": "CVE-2022-28718",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29467",
"@id": "CVE-2022-29467",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29471",
"@id": "CVE-2022-29471",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29484",
"@id": "CVE-2022-29484",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29513",
"@id": "CVE-2022-29513",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29892",
"@id": "CVE-2022-29892",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-31472",
"@id": "CVE-2022-31472",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2014-000077
Vulnerability from jvndb
Published
2014-07-15 14:46
Modified
2014-07-23 11:01
Summary
Cybozu Garoon vulnerable to access restriction bypass
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Portlets", which may result in an access restriction bypass vulnerability (CWE-264).
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000077.html",
"dc:date": "2014-07-23T11:01+09:00",
"dcterms:issued": "2014-07-15T14:46+09:00",
"dcterms:modified": "2014-07-23T11:01+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function \"Portlets\", which may result in an access restriction bypass vulnerability (CWE-264).",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000077.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000077",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75990997/index.html",
"@id": "JVN#75990997",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1993",
"@id": "CVE-2014-1993",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1993",
"@id": "CVE-2014-1993",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon vulnerable to access restriction bypass"
}
jvndb-2017-000156
Vulnerability from jvndb
Published
2017-07-03 15:22
Modified
2018-02-14 11:54
Severity
Summary
Cybozu Garoon vulnerable to session fixation
Details
Cybozu Garoon provided by Cybozu, Inc. contains a session fixation.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000156.html",
"dc:date": "2018-02-14T11:54+09:00",
"dcterms:issued": "2017-07-03T15:22+09:00",
"dcterms:modified": "2018-02-14T11:54+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains a session fixation.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000156.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000156",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43534286/index.html",
"@id": "JVN#43534286",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2145",
"@id": "CVE-2017-2145",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2145",
"@id": "CVE-2017-2145",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu Garoon vulnerable to session fixation"
}
jvndb-2013-000008
Vulnerability from jvndb
Published
2013-02-08 13:53
Modified
2013-02-08 13:53
Summary
Cybozu Garoon vulnerable to cross-site scripting
Details
Cybozu Garoon contains a cross-site scripting vulnerability.
Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.
Ken Asai reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000008.html",
"dc:date": "2013-02-08T13:53+09:00",
"dcterms:issued": "2013-02-08T13:53+09:00",
"dcterms:modified": "2013-02-08T13:53+09:00",
"description": "Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nCybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability.\r\n\r\nKen Asai reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000008.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000008",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN95863326/index.html",
"@id": "JVN#95863326",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0702",
"@id": "CVE-2013-0702",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0702",
"@id": "CVE-2013-0702",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site scripting"
}
jvndb-2016-000079
Vulnerability from jvndb
Published
2016-05-30 16:18
Modified
2016-06-28 17:01
Severity
Summary
Cybozu Garoon vulnerable to information disclosure
Details
Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function.
Masato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000079.html",
"dc:date": "2016-06-28T17:01+09:00",
"dcterms:issued": "2016-05-30T16:18+09:00",
"dcterms:modified": "2016-06-28T17:01+09:00",
"description": "Cybozu Garoon is a groupware. Cybozu Garoon contains an information disclosure vulnerability in the mail function.\r\n\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000079.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000079",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25765762/index.html",
"@id": "JVN#25765762",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1193",
"@id": "CVE-2016-1193",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1193",
"@id": "CVE-2016-1193",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Cybozu Garoon vulnerable to information disclosure"
}
jvndb-2013-000113
Vulnerability from jvndb
Published
2013-12-03 13:37
Modified
2013-12-06 10:42
Summary
Multiple cross-site scripting vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000113.html",
"dc:date": "2013-12-06T10:42+09:00",
"dcterms:issued": "2013-12-03T13:37+09:00",
"dcterms:modified": "2013-12-06T10:42+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000113.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000113",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23981867/index.html",
"@id": "JVN#23981867",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6900",
"@id": "CVE-2013-6900",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6901",
"@id": "CVE-2013-6901",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6902",
"@id": "CVE-2013-6902",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6903",
"@id": "CVE-2013-6903",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6904",
"@id": "CVE-2013-6904",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6905",
"@id": "CVE-2013-6905",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6906",
"@id": "CVE-2013-6906",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6907",
"@id": "CVE-2013-6907",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6908",
"@id": "CVE-2013-6908",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6909",
"@id": "CVE-2013-6909",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6910",
"@id": "CVE-2013-6910",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6911",
"@id": "CVE-2013-6911",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6912",
"@id": "CVE-2013-6912",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6913",
"@id": "CVE-2013-6913",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6914",
"@id": "CVE-2013-6914",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6915",
"@id": "CVE-2013-6915",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6916",
"@id": "CVE-2013-6916",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6900",
"@id": "CVE-2013-6900",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6901",
"@id": "CVE-2013-6901",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6902",
"@id": "CVE-2013-6902",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6903",
"@id": "CVE-2013-6903",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6904",
"@id": "CVE-2013-6904",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6905",
"@id": "CVE-2013-6905",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6906",
"@id": "CVE-2013-6906",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6907",
"@id": "CVE-2013-6907",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6908",
"@id": "CVE-2013-6908",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6909",
"@id": "CVE-2013-6909",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6910",
"@id": "CVE-2013-6910",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6911",
"@id": "CVE-2013-6911",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6912",
"@id": "CVE-2013-6912",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6913",
"@id": "CVE-2013-6913",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6914",
"@id": "CVE-2013-6914",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6915",
"@id": "CVE-2013-6915",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6916",
"@id": "CVE-2013-6916",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple cross-site scripting vulnerabilities in Cybozu Garoon"
}
jvndb-2022-000051
Vulnerability from jvndb
Published
2022-07-04 14:17
Modified
2024-06-17 16:49
Severity
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-2909] Operation restriction bypass in multiple applications (CWE-285) - CVE-2022-30602
* [CyVDB-3042] Information disclosure in multiple applications (CWE-200) - CVE-2022-29512
<s>* [CyVDB-3111] Improper input validation in multiple applications (CWE-20) - CVE-2022-29926</s>
* [CyVDB-3143] Browsing restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-30943
CVE-2022-30602
Shuichi Uruma reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2022-30943
Yuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.
CVE-2022-29512
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
[Updated on 2022 July 6]
The developer identified that [CyVDB-3111] was not a vulnerability after the further investigation.
Therefore the JVN advisory was updated by crossing out the description regarding [CyVDB-3111].
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000051.html",
"dc:date": "2024-06-17T16:49+09:00",
"dcterms:issued": "2022-07-04T14:17+09:00",
"dcterms:modified": "2024-06-17T16:49+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n * [CyVDB-2909] Operation restriction bypass in multiple applications (CWE-285) - CVE-2022-30602\r\n * [CyVDB-3042] Information disclosure in multiple applications (CWE-200) - CVE-2022-29512\r\n \u003cs\u003e* [CyVDB-3111] Improper input validation in multiple applications (CWE-20) - CVE-2022-29926\u003c/s\u003e\r\n * [CyVDB-3143] Browsing restriction bypass vulnerability in Bulletin (CWE-284) - CVE-2022-30943\r\n\r\nCVE-2022-30602\r\nShuichi Uruma reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-30943\r\nYuji Tounai reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.\r\n\r\nCVE-2022-29512\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\n\r\n[Updated on 2022 July 6]\r\nThe developer identified that [CyVDB-3111] was not a vulnerability after the further investigation.\r\nTherefore the JVN advisory was updated by crossing out the description regarding [CyVDB-3111].",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000051.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000051",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14077132/index.html",
"@id": "JVN#14077132",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30602",
"@id": "CVE-2022-30602",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29512",
"@id": "CVE-2022-29512",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-29926",
"@id": "CVE-2022-29926",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-30943",
"@id": "CVE-2022-30943",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30602",
"@id": "CVE-2022-30602",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29512",
"@id": "CVE-2022-29512",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29926",
"@id": "CVE-2022-29926",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-30943",
"@id": "CVE-2022-30943",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Multiple vulnerabilities in Cybozu Garoon"
}
jvndb-2020-000027
Vulnerability from jvndb
Published
2020-04-28 14:48
Modified
2020-04-28 14:48
Severity
Summary
Cybozu Garoon contains multiple vulnerabilities
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
*Authentication bypass in the API used to specify the fields (CWE-287) - CVE-2020-5563
*Cross-site scripting in the application "E-mail" (CWE-79) - CVE-2020-5564
*Input validation bypass in the applications "Workflow" and "MultiReport" (CWE-20) - CVE-2020-5565
*Improper authorization process in the applications "E-mail" and "Messages" (CWE-285) - CVE-2020-5566
*Improper authentication in Application Menu (CWE-287) - CVE-2020-5567
*Cross-site scripting in the applications "Messages" and "Bulletin Board" (CWE-79) - CVE-2020-5568
Cybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
CVE-2020-5563, CVE-2020-5566 and CVE-2020-5568 by Cybozu, Inc.
CVE-2020-5564 by Masato Kinugawa
CVE-2020-5565 by Tanghaifeng
CVE-2020-5567 by Shuichi Uruma
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000027.html",
"dc:date": "2020-04-28T14:48+09:00",
"dcterms:issued": "2020-04-28T14:48+09:00",
"dcterms:modified": "2020-04-28T14:48+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. \r\n*Authentication bypass in the API used to specify the fields (CWE-287) - CVE-2020-5563\r\n*Cross-site scripting in the application \"E-mail\" (CWE-79) - CVE-2020-5564\r\n*Input validation bypass in the applications \"Workflow\" and \"MultiReport\" (CWE-20) - CVE-2020-5565 \r\n*Improper authorization process in the applications \"E-mail\" and \"Messages\" (CWE-285) - CVE-2020-5566 \r\n*Improper authentication in Application Menu (CWE-287) - CVE-2020-5567\r\n*Cross-site scripting in the applications \"Messages\" and \"Bulletin Board\" (CWE-79) - CVE-2020-5568\r\n\r\nCybozu, Inc. reported the following vulnerabilities to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2020-5563, CVE-2020-5566 and CVE-2020-5568 by Cybozu, Inc.\r\nCVE-2020-5564 by Masato Kinugawa\r\nCVE-2020-5565 by Tanghaifeng\r\nCVE-2020-5567 by Shuichi Uruma",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000027.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN35649781/index.html",
"@id": "JVN#35649781",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5563",
"@id": "CVE-2020-5563",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5564",
"@id": "CVE-2020-5564",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5565",
"@id": "CVE-2020-5565",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5566",
"@id": "CVE-2020-5566",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5567",
"@id": "CVE-2020-5567",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5568",
"@id": "CVE-2020-5568",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5563",
"@id": "CVE-2020-5563",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5564",
"@id": "CVE-2020-5564",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5565",
"@id": "CVE-2020-5565",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5566",
"@id": "CVE-2020-5566",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5567",
"@id": "CVE-2020-5567",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5568",
"@id": "CVE-2020-5568",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu Garoon contains multiple vulnerabilities"
}
jvndb-2016-000226
Vulnerability from jvndb
Published
2016-12-19 14:38
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon fails to restrict access permission in To-Dos of Space function
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000226.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T14:38+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in To-Dos of Space function.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000226.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000226",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14631222/index.html",
"@id": "JVN#14631222",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7801",
"@id": "CVE-2016-7801",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7801",
"@id": "CVE-2016-7801",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cybozu Garoon fails to restrict access permission in To-Dos of Space function"
}
jvndb-2014-000024
Vulnerability from jvndb
Published
2014-02-26 15:23
Modified
2014-03-03 18:42
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon contains a SQL injection vulnerability.
Note that this vulnerability is different from JVN#91153528.
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000024.html",
"dc:date": "2014-03-03T18:42+09:00",
"dcterms:issued": "2014-02-26T15:23+09:00",
"dcterms:modified": "2014-03-03T18:42+09:00",
"description": "Cybozu Garoon contains a SQL injection vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#91153528.\r\n\r\nCybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the process of downloading files, which may result in SQL injection.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000024.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN71045461/",
"@id": "JVN#71045461",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0821",
"@id": "CVE-2014-0821",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0821",
"@id": "CVE-2014-0821",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2014-000073
Vulnerability from jvndb
Published
2014-07-15 14:44
Modified
2014-07-23 11:00
Summary
Cybozu Garoon CGI vulnerable to remote command execution
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability.
Masaaki Chida of GREE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000073.html",
"dc:date": "2014-07-23T11:00+09:00",
"dcterms:issued": "2014-07-15T14:44+09:00",
"dcterms:modified": "2014-07-23T11:00+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. \r\n\r\nMasaaki Chida of GREE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000073.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000073",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42024228/index.html",
"@id": "JVN#42024228",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1987",
"@id": "CVE-2014-1987",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1987",
"@id": "CVE-2014-1987",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Cybozu Garoon CGI vulnerable to remote command execution"
}
jvndb-2013-000114
Vulnerability from jvndb
Published
2013-12-03 13:45
Modified
2013-12-06 10:47
Summary
Cybozu Garoon vulnerable to SQL injection
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000114.html",
"dc:date": "2013-12-06T10:47+09:00",
"dcterms:issued": "2013-12-03T13:45+09:00",
"dcterms:modified": "2013-12-06T10:47+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a SQL injection vulnerability in the Space function.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000114.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000114",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82375148/index.html",
"@id": "JVN#82375148",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6001",
"@id": "CVE-2013-6001",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6001",
"@id": "CVE-2013-6001",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-89",
"@title": "SQL Injection(CWE-89)"
}
],
"title": "Cybozu Garoon vulnerable to SQL injection"
}
jvndb-2013-000115
Vulnerability from jvndb
Published
2013-12-03 13:46
Modified
2013-12-06 10:48
Summary
Cybozu Garoon vulnerable to denial-of-service (DoS)
Details
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000115.html",
"dc:date": "2013-12-06T10:48+09:00",
"dcterms:issued": "2013-12-03T13:46+09:00",
"dcterms:modified": "2013-12-06T10:48+09:00",
"description": "Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a denial-of-service (DoS) vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000115.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000115",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN94245330/index.html",
"@id": "JVN#94245330",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6002",
"@id": "CVE-2013-6002",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6002",
"@id": "CVE-2013-6002",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Cybozu Garoon vulnerable to denial-of-service (DoS)"
}
jvndb-2011-000045
Vulnerability from jvndb
Published
2011-06-24 19:18
Modified
2011-06-24 19:18
Summary
Multiple Cybozu products vulnerable to cross-site scripting
Details
Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.
Multiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.
Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
| Cybozu, Inc. | Cybozu Office |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
"dc:date": "2011-06-24T19:18+09:00",
"dcterms:issued": "2011-06-24T19:18+09:00",
"dcterms:modified": "2011-06-24T19:18+09:00",
"description": "Multiple products provided by Cybozu, Inc. contain a cross-site scripting vulnerability.\r\n\r\nMultiple groupware provided by Cybozu, Inc. contain a cross-site scripting vulnerability due to an issue when downloading graphic files from the bulletin board system.\r\n\r\nSen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000045.html",
"sec:cpe": [
{
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cybozu:office",
"@product": "Cybozu Office",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000045",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN80877328/index.html",
"@id": "JVN#80877328",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1333",
"@id": "CVE-2011-1333",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1333",
"@id": "CVE-2011-1333",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Cybozu products vulnerable to cross-site scripting"
}
jvndb-2016-000227
Vulnerability from jvndb
Published
2016-12-19 13:36
Modified
2017-11-27 16:58
Severity
Summary
Cybozu Garoon vulnerable to cross-site request forgery
Details
Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability (CWE-352).
Yasuda Yuya reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN15222211/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4909 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4909 |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000227.html",
"dc:date": "2017-11-27T16:58+09:00",
"dcterms:issued": "2016-12-19T13:36+09:00",
"dcterms:modified": "2017-11-27T16:58+09:00",
"description": "Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYasuda Yuya reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000227.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:garoon",
"@product": "Cybozu Garoon",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000227",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15222211/index.html",
"@id": "JVN#15222211",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4909",
"@id": "CVE-2016-4909",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4909",
"@id": "CVE-2016-4909",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Cybozu Garoon vulnerable to cross-site request forgery"
}