Action not permitted
Modal body text goes here.
Modal Title
Modal Body
jvndb-2021-000073
Vulnerability from jvndb
Published
2021-08-02 16:42
Modified
2022-05-24 15:16
Severity ?
Summary
Multiple vulnerabilities in Cybozu Garoon
Details
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.
* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753
* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754
* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755
* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756
* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757
* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758
* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759
* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760
* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761
* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762
* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763
* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764
* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765
* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766
* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767
* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768
* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769
* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770
* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771
* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772
* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773
* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774
* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775
CVE-2021-20753
Masato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766
Yuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20760, CVE-2021-20761, CVE-2021-20767
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20771
Ren Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.
CVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775
Cybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html", "dc:date": "2022-05-24T15:16+09:00", "dcterms:issued": "2021-08-02T16:42+09:00", "dcterms:modified": "2022-05-24T15:16+09:00", description: "Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.\r\n\r\n* [CyVDB-1782] Cross-site scripting vulnerability in Scheduler (CWE-79) - CVE-2021-20753\r\n* [CyVDB-2029] Improper input validation vulnerability in Workflow (CWE-20) - CVE-2021-20754\r\n* [CyVDB-2071] Viewing restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20755\r\n* [CyVDB-2085] Viewing restrictions bypass vulnerability in Address (CWE-264) - CVE-2021-20756\r\n* [CyVDB-2092] Operational restrictions bypass vulnerability in E-mail (CWE-264) - CVE-2021-20757\r\n* [CyVDB-2099] Cross-site request forgery vulnerability in Message (CWE-352) - CVE-2021-20758\r\n* [CyVDB-2103] Operational restrictions bypass vulnerability in Bulletin (CWE-264) - CVE-2021-20759\r\n* [CyVDB-2234] Improper input validation vulnerability in User Profile (CWE-20) - CVE-2021-20760\r\n* [CyVDB-2245][CyVDB-2374] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20761\r\n* [CyVDB-2283] Improper input validation vulnerability in E-mail (CWE-20) - CVE-2021-20762\r\n* [CyVDB-2368] Operational restrictions bypass vulnerability in Portal (CWE-264) - CVE-2021-20763\r\n* [CyVDB-2388] Improper input validation vulnerability in Attaching Files (CWE-20) - CVE-2021-20764\r\n* [CyVDB-2406] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20765\r\n* [CyVDB-2407] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20766\r\n* [CyVDB-2446] Cross-site scripting vulnerability in Full Text Search (CWE-79) - CVE-2021-20767\r\n* [CyVDB-2448] Operational restrictions bypass vulnerability in Scheduler and MultiReport (CWE-264) - CVE-2021-20768\r\n* [CyVDB-2568] Cross-site scripting vulnerability in Bulletin (CWE-79) - CVE-2021-20769\r\n* [CyVDB-2659] Cross-site scripting vulnerability in Message (CWE-79) - CVE-2021-20770\r\n* [CyVDB-2193] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20771\r\n* [CyVDB-2479] Title information disclosure vulnerability in Bulletin (CWE-264) - CVE-2021-20772\r\n* [CyVDB-2755] Vulnerability where route information of Workflow is deleted unintentionally - CVE-2021-20773\r\n* [CyVDB-2766] Cross-site scripting vulnerability in some functions of E-mail (CWE-79) - CVE-2021-20774\r\n* [CyVDB-2903] Comment destination information disclosure vulnerability (CWE-20) - CVE-2021-20775\r\n\r\nCVE-2021-20753\r\nMasato Kinugawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20755, CVE-2021-20764, CVE-2021-20765, CVE-2021-20766\r\nYuji Tounai reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20760, CVE-2021-20761, CVE-2021-20767\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to Cybozu, Inc. and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20771\r\nRen Hirasawa reported this vulnerability to Cybozu, Inc. and Cybozu, Inc. reported it to JPCERT/CC to notify users of the solutions through JVN.\r\n\r\nCVE-2021-20754, CVE-2021-20756, CVE-2021-20757, CVE-2021-20758, CVE-2021-20759, CVE-2021-20762, CVE-2021-20763, CVE-2021-20768, CVE-2021-20769, CVE-2021-20770, CVE-2021-20772, CVE-2021-20773, CVE-2021-20774, CVE-2021-20775\r\nCybozu, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solution through JVN.", link: "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000073.html", "sec:cpe": { "#text": "cpe:/a:cybozu:garoon", "@product": "Cybozu Garoon", "@vendor": "Cybozu, Inc.", "@version": "2.2", }, "sec:cvss": [ { "@score": "5.5", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "@version": "2.0", }, { "@score": "5.4", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2021-000073", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN54794245/index.html", "@id": "JVN#54794245", "@source": "JVN", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20753", "@id": "CVE-2021-20753", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20754", "@id": "CVE-2021-20754", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20755", "@id": "CVE-2021-20755", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20756", "@id": "CVE-2021-20756", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20757", "@id": "CVE-2021-20757", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20758", "@id": "CVE-2021-20758", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20759", "@id": "CVE-2021-20759", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20760", "@id": "CVE-2021-20760", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20761", "@id": "CVE-2021-20761", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20762", "@id": "CVE-2021-20762", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20763", "@id": "CVE-2021-20763", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20764", "@id": "CVE-2021-20764", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20765", "@id": "CVE-2021-20765", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20766", "@id": "CVE-2021-20766", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20767", "@id": "CVE-2021-20767", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20768", "@id": "CVE-2021-20768", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20769", "@id": "CVE-2021-20769", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20770", "@id": "CVE-2021-20770", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20771", "@id": "CVE-2021-20771", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20772", "@id": "CVE-2021-20772", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20773", "@id": "CVE-2021-20773", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20774", "@id": "CVE-2021-20774", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20775", "@id": "CVE-2021-20775", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20753", "@id": "CVE-2021-20753", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20754", "@id": "CVE-2021-20754", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20755", "@id": "CVE-2021-20755", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20756", "@id": "CVE-2021-20756", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20757", "@id": "CVE-2021-20757", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20758", "@id": "CVE-2021-20758", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20759", "@id": "CVE-2021-20759", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20760", "@id": "CVE-2021-20760", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20761", "@id": "CVE-2021-20761", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20762", "@id": "CVE-2021-20762", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20763", "@id": "CVE-2021-20763", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20766", "@id": "CVE-2021-20766", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20767", "@id": "CVE-2021-20767", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20768", "@id": "CVE-2021-20768", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20769", "@id": "CVE-2021-20769", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20770", "@id": "CVE-2021-20770", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20771", "@id": "CVE-2021-20771", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20772", "@id": "CVE-2021-20772", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20773", "@id": "CVE-2021-20773", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20774", "@id": "CVE-2021-20774", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20775", "@id": "CVE-2021-20775", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20764", "@id": "CVE-2021-20764", "@source": "NVD", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20765", "@id": "CVE-2021-20765", "@source": "NVD", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)", }, ], title: "Multiple vulnerabilities in Cybozu Garoon", }
cve-2021-20775
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.10.0 to 5.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:24", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20775", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.10.0 to 5.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20775", datePublished: "2021-08-18T05:36:24", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20764
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:07", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20764", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20764", datePublished: "2021-08-18T05:36:07", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20761
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:02", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20761", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20761", datePublished: "2021-08-18T05:36:02", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20766
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:10", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20766", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20766", datePublished: "2021-08-18T05:36:10", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.093Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20765
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.170Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:08", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20765", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20765", datePublished: "2021-08-18T05:36:09", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.170Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20773
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Vulnerability where information is deleted unintentionally", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:21", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20773", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Vulnerability where information is deleted unintentionally", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20773", datePublished: "2021-08-18T05:36:21", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.159Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20757
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Operational restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:56", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Operational restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20757", datePublished: "2021-08-18T05:35:56", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20759
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.051Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.6.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Operational restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:59", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20759", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.6.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Operational restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20759", datePublished: "2021-08-18T05:35:59", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.051Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20755
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.065Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Viewing restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:52", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Viewing restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20755", datePublished: "2021-08-18T05:35:53", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.065Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20758
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.087Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site request forgery", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:57", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20758", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site request forgery", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20758", datePublished: "2021-08-18T05:35:57", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.087Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20753
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.023Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:49", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20753", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20753", datePublished: "2021-08-18T05:35:49", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.023Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20770
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.066Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.6.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:16", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20770", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.6.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20770", datePublished: "2021-08-18T05:36:16", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20762
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.067Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:04", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20762", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20762", datePublished: "2021-08-18T05:36:04", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.067Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20756
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Viewing restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:54", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20756", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Viewing restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20756", datePublished: "2021-08-18T05:35:54", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.061Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20754
Vulnerability from cvelistv5
Published
2021-08-18 05:35
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:35:51", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20754", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20754", datePublished: "2021-08-18T05:35:51", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.053Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20767
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.163Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:12", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20767", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20767", datePublished: "2021-08-18T05:36:12", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20763
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.118Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Operational restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:05", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20763", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Operational restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20763", datePublished: "2021-08-18T05:36:05", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.118Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20771
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.117Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-19T09:15:10", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20771", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20771", datePublished: "2021-08-18T05:36:18", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20774
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:23", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20774", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20774", datePublished: "2021-08-18T05:36:23", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.071Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20768
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Operational restrictions bypass", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:13", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20768", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Operational restrictions bypass", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20768", datePublished: "2021-08-18T05:36:13", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.105Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20760
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.0.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.0.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Input Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:01", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20760", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.0.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20760", datePublished: "2021-08-18T05:36:01", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.102Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20769
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.0.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.153Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.6.0 to 5.0.2", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-site scripting", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:15", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20769", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.6.0 to 5.0.2", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-site scripting", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20769", datePublished: "2021-08-18T05:36:15", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20772
Vulnerability from cvelistv5
Published
2021-08-18 05:36
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cs.cybozu.co.jp/2021/007206.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN54794245/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.5.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:53:22.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cybozu Garoon", vendor: "Cybozu, Inc.", versions: [ { status: "affected", version: "4.10.0 to 5.5.0", }, ], }, ], descriptions: [ { lang: "en", value: "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-18T05:36:19", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cs.cybozu.co.jp/2021/007206.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2021-20772", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cybozu Garoon", version: { version_data: [ { version_value: "4.10.0 to 5.5.0", }, ], }, }, ], }, vendor_name: "Cybozu, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://cs.cybozu.co.jp/2021/007206.html", refsource: "MISC", url: "https://cs.cybozu.co.jp/2021/007206.html", }, { name: "https://jvn.jp/en/jp/JVN54794245/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54794245/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2021-20772", datePublished: "2021-08-18T05:36:20", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:53:22.116Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.