CybozuCVEs & Vulnerabilities

327 CVEs affecting Cybozu products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

garoon 1.365office 411mailwise 76remote service manager 38kunai 37dezie 33cybozu office 15kintone 14
CVE-2024-39817MEDIUM

Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

6 Aug 2024
6.5
CVSS
CVE-2024-39457MEDIUM

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.

19 Jul 2024
5.4
CVSS
CVE-2024-31402MEDIUM

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

11 Jun 2024
4.3
CVSS
CVE-2024-31399MEDIUM

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

11 Jun 2024
6.5
CVSS
CVE-2024-31398MEDIUM

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

11 Jun 2024
4.3
CVSS
CVE-2024-31397MEDIUM

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

11 Jun 2024
4.9
CVSS
CVE-2024-31404MEDIUM

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

11 Jun 2024
4.3
CVSS
CVE-2024-31403MEDIUM

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

11 Jun 2024
5.4
CVSS
CVE-2024-31401CRITICAL

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

11 Jun 2024
9.0
CVSS
CVE-2024-31400MEDIUM

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

11 Jun 2024
6.5
CVSS
CVE-2024-23304HIGH

Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.

6 Feb 2024
7.5
CVSS
CVE-2023-46278MEDIUM

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.

1 Nov 2023
6.5
CVSS
CVE-2022-26838MEDIUM

Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

3 Aug 2023
6.5
CVSS
CVE-2023-27384MEDIUM

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

23 May 2023
4.3
CVSS
CVE-2023-27304MEDIUM

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

23 May 2023
4.3
CVSS
CVE-2023-26595MEDIUM

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

23 May 2023
6.5
CVSS
CVE-2022-44608HIGH

Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

7 Dec 2022
7.5
CVSS
CVE-2022-33311MEDIUM

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

18 Aug 2022
4.3
CVSS
CVE-2022-33151MEDIUM

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

18 Aug 2022
6.1
CVSS
CVE-2022-32583MEDIUM

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

18 Aug 2022
4.3
CVSS
CVE-2022-32544MEDIUM

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

18 Aug 2022
4.3
CVSS
CVE-2022-32453MEDIUM

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

18 Aug 2022
6.5
CVSS
CVE-2022-32283MEDIUM

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

18 Aug 2022
4.3
CVSS
CVE-2022-30693MEDIUM

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

18 Aug 2022
5.3
CVSS
CVE-2022-30604MEDIUM

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2022
6.1
CVSS
CVE-2022-29891MEDIUM

Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

18 Aug 2022
4.3
CVSS
CVE-2022-29487MEDIUM

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2022
6.1
CVSS
CVE-2022-28715MEDIUM

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2022
6.1
CVSS
CVE-2022-25986MEDIUM

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

18 Aug 2022
4.3
CVSS
CVE-2022-31472MEDIUM

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

11 Jul 2022
4.3
CVSS
CVE-2022-30943MEDIUM

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

11 Jul 2022
4.3
CVSS
CVE-2022-30602HIGH

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

11 Jul 2022
8.1
CVSS
CVE-2022-29512MEDIUM

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

11 Jul 2022
6.5
CVSS
CVE-2022-29892MEDIUM

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

4 Jul 2022
6.5
CVSS
CVE-2022-29513MEDIUM

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

4 Jul 2022
4.8
CVSS
CVE-2022-29484HIGH

Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

4 Jul 2022
8.1
CVSS
CVE-2022-29471MEDIUM

Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

4 Jul 2022
4.3
CVSS
CVE-2022-29467MEDIUM

Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

4 Jul 2022
4.3
CVSS
CVE-2022-28718MEDIUM

Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

4 Jul 2022
4.3
CVSS
CVE-2022-28713MEDIUM

Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.

4 Jul 2022
5.3
CVSS
CVE-2022-28692MEDIUM

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.

4 Jul 2022
4.3
CVSS
CVE-2022-27807MEDIUM

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.

4 Jul 2022
4.3
CVSS
CVE-2022-27803MEDIUM

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.

4 Jul 2022
4.3
CVSS
CVE-2022-27661MEDIUM

Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.

4 Jul 2022
4.3
CVSS
CVE-2022-27627MEDIUM

Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.

4 Jul 2022
6.1
CVSS
CVE-2022-26368MEDIUM

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.

4 Jul 2022
5.4
CVSS
CVE-2022-26054MEDIUM

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.

4 Jul 2022
4.3
CVSS
CVE-2022-26051MEDIUM

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.

4 Jul 2022
4.3
CVSS
← PrevPage 1 / 7Next →