Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cybozu garoon 4.0.0 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-5934
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
Cybozu Garoon
4.3
CVSSv3
CVE-2019-5943
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated malicious users to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
Cybozu Garoon
4.3
CVSSv3
CVE-2021-20760
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to alter the data of User Profile without the appropriate privilege.
Cybozu Garoon
5.4
CVSSv3
CVE-2021-20774
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated malicious user to inject an arbitrary script via unspecified vectors.
Cybozu Garoon
4.3
CVSSv3
CVE-2021-20773
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated malicious user to delete the route information Workflow without the appropriate privilege.
Cybozu Garoon
5.4
CVSSv3
CVE-2022-26368
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated malicious user to alter and/or obtain the data of Cabinet.
Cybozu Garoon
6.5
CVSSv3
CVE-2022-29892
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated malicious user to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
Cybozu Garoon
4.3
CVSSv3
CVE-2021-20768
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated malicious user to delete the data of Scheduler and MultiReport without the appropriate privilege.
Cybozu Garoon
6.5
CVSSv3
CVE-2022-29512
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated malicious user to obtain the data without the viewing privilege.
Cybozu Garoon
2.7
CVSSv3
CVE-2021-20761
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
Cybozu Garoon
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »