CybozuCVEs & Vulnerabilities

327 CVEs affecting Cybozu products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

garoon 1,365office 411mailwise 76remote service manager 38kunai 37dezie 33cybozu office 15kintone 14
CVE-2021-20807MEDIUM

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.

13 Oct 2021
6.1
CVSS
CVE-2021-20806MEDIUM

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

13 Oct 2021
6.1
CVSS
CVE-2021-20805MEDIUM

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

13 Oct 2021
5.4
CVSS
CVE-2021-20804MEDIUM

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.

13 Oct 2021
6.5
CVSS
CVE-2021-20803MEDIUM

Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.

13 Oct 2021
5.4
CVSS
CVE-2021-20802MEDIUM

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.

13 Oct 2021
5.3
CVSS
CVE-2021-20801MEDIUM

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

13 Oct 2021
6.5
CVSS
CVE-2021-20800MEDIUM

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

13 Oct 2021
5.4
CVSS
CVE-2021-20799MEDIUM

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

13 Oct 2021
5.4
CVSS
CVE-2021-20798MEDIUM

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

13 Oct 2021
5.4
CVSS
CVE-2021-20797MEDIUM

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

13 Oct 2021
5.4
CVSS
CVE-2021-20796MEDIUM

Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.

13 Oct 2021
6.5
CVSS
CVE-2021-20795HIGH

Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.

13 Oct 2021
8.8
CVSS
CVE-2021-20775MEDIUM

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20774MEDIUM

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
5.4
CVSS
CVE-2021-20773MEDIUM

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20772MEDIUM

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20771MEDIUM

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
6.1
CVSS
CVE-2021-20770MEDIUM

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
5.4
CVSS
CVE-2021-20769MEDIUM

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
5.4
CVSS
CVE-2021-20768MEDIUM

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20767MEDIUM

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
5.4
CVSS
CVE-2021-20766MEDIUM

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
6.1
CVSS
CVE-2021-20765MEDIUM

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
6.1
CVSS
CVE-2021-20764MEDIUM

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.

18 Aug 2021
5.3
CVSS
CVE-2021-20763MEDIUM

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20762MEDIUM

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20761LOW

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.

18 Aug 2021
2.7
CVSS
CVE-2021-20760MEDIUM

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20759MEDIUM

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20758HIGH

Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.

18 Aug 2021
8.0
CVSS
CVE-2021-20757MEDIUM

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20756MEDIUM

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20755MEDIUM

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20754MEDIUM

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.

18 Aug 2021
4.3
CVSS
CVE-2021-20753MEDIUM

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.

18 Aug 2021
5.4
CVSS
CVE-2021-20634MEDIUM

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors.

18 Mar 2021
4.3
CVSS
CVE-2021-20633MEDIUM

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors.

18 Mar 2021
4.3
CVSS
CVE-2021-20632MEDIUM

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors.

18 Mar 2021
4.3
CVSS
CVE-2021-20631MEDIUM

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors.

18 Mar 2021
6.5
CVSS
CVE-2021-20630MEDIUM

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors.

18 Mar 2021
4.3
CVSS
CVE-2021-20629MEDIUM

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.

18 Mar 2021
6.1
CVSS
CVE-2021-20628MEDIUM

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.

18 Mar 2021
6.1
CVSS
CVE-2021-20627MEDIUM

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.

18 Mar 2021
6.1
CVSS
CVE-2021-20626MEDIUM

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.

18 Mar 2021
6.5
CVSS
CVE-2021-20625MEDIUM

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.

18 Mar 2021
4.3
CVSS
CVE-2021-20624MEDIUM

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.

18 Mar 2021
6.5
CVSS
CVE-2020-5643MEDIUM

Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.

6 Nov 2020
6.5
CVSS