CybozuCVEs & Vulnerabilities

327 CVEs affecting Cybozu products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

garoon 1,365office 411mailwise 76remote service manager 38kunai 37dezie 33cybozu office 15kintone 14
CVE-2017-2116MEDIUM

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2017-2115MEDIUM

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2017-2114MEDIUM

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

28 Apr 2017
5.4
CVSS
CVE-2017-2109LOW

Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.

28 Apr 2017
2.5
CVSS
CVE-2017-2095MEDIUM

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2017-2094MEDIUM

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2017-2093MEDIUM

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2017-2092MEDIUM

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

28 Apr 2017
5.4
CVSS
CVE-2017-2091MEDIUM

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

28 Apr 2017
4.3
CVSS
CVE-2016-7815MEDIUM

Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

28 Apr 2017
4.2
CVSS
CVE-2016-1187MEDIUM

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

21 Apr 2017
6.8
CVSS
CVE-2016-1186MEDIUM

Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.

21 Apr 2017
5.9
CVSS
CVE-2016-4841MEDIUM

Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.

21 Apr 2017
4.3
CVSS
CVE-2016-1194MEDIUM

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.

21 Apr 2017
6.5
CVSS
CVE-2016-4844MEDIUM

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

20 Apr 2017
4.3
CVSS
CVE-2016-4843MEDIUM

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.

20 Apr 2017
6.5
CVSS
CVE-2016-4842MEDIUM

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.

20 Apr 2017
4.3
CVSS
CVE-2016-1220MEDIUM

Cybozu Garoon before 4.2.2 does not properly restrict access.

20 Apr 2017
4.3
CVSS
CVE-2016-1218HIGH

SQL injection vulnerability in Cybozu Garoon before 4.2.2.

20 Apr 2017
8.8
CVSS
CVE-2016-1217MEDIUM

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

20 Apr 2017
6.1
CVSS
CVE-2016-1216MEDIUM

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

20 Apr 2017
6.1
CVSS
CVE-2016-1215MEDIUM

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

20 Apr 2017
6.1
CVSS
CVE-2016-1214MEDIUM

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

20 Apr 2017
6.1
CVSS
CVE-2016-1213MEDIUM

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

20 Apr 2017
6.1
CVSS
CVE-2016-1219CRITICAL

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

20 Apr 2017
9.8
CVSS
CVE-2016-4874LOW

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

17 Apr 2017
3.5
CVSS
CVE-2016-4873MEDIUM

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

17 Apr 2017
4.3
CVSS
CVE-2016-4872MEDIUM

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

17 Apr 2017
4.3
CVSS
CVE-2016-4871MEDIUM

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.

17 Apr 2017
6.5
CVSS
CVE-2016-4870MEDIUM

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

17 Apr 2017
5.4
CVSS
CVE-2016-4869MEDIUM

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

17 Apr 2017
6.5
CVSS
CVE-2016-4868MEDIUM

Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

17 Apr 2017
4.3
CVSS
CVE-2016-4867MEDIUM

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

17 Apr 2017
4.3
CVSS
CVE-2016-4866MEDIUM

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.

17 Apr 2017
4.8
CVSS
CVE-2016-4865MEDIUM

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

17 Apr 2017
4.8
CVSS
CVE-2016-1193HIGH

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

26 Jun 2016
7.5
CVSS
CVE-2016-1190MEDIUM

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

26 Jun 2016
6.5
CVSS
CVE-2016-1189HIGH

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

26 Jun 2016
8.1
CVSS
CVE-2016-1188MEDIUM

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

26 Jun 2016
6.5
CVSS
CVE-2016-1196MEDIUM

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

19 Jun 2016
4.3
CVSS
CVE-2016-1192MEDIUM

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

19 Jun 2016
4.3
CVSS
CVE-2016-1191MEDIUM

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

19 Jun 2016
5.3
CVSS
CVE-2015-7776MEDIUM

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

19 Jun 2016
4.3
CVSS
CVE-2016-1197MEDIUM

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

19 Jun 2016
6.1
CVSS
CVE-2016-1195HIGH

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

19 Jun 2016
7.4
CVSS
CVE-2015-7775MEDIUM

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.

19 Jun 2016
5.4
CVSS
CVE-2016-1185LOW

The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

25 Apr 2016
2.5
CVSS
CVE-2016-1153MEDIUM

customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489.

17 Feb 2016
6.5
CVSS
Cybozu CVEs & Vulnerabilities — 327 Tracked — Page 5