Cybozu Garoon
198 CVEs affecting Cybozu Garoon. Latest disclosed: 2026-02-02. Critical: 3, High: 20.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-5945 | Critical | 9.8 | 2019-05-17 | Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon. |
CVE-2016-1219 | Critical | 9.8 | 2017-04-20 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
CVE-2024-31401 | Critical | 9.0 | 2024-06-11 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitr… |
CVE-2018-0607 | High | 8.8 | 2018-07-26 | SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL… |
CVE-2018-0530 | High | 8.8 | 2018-04-16 | SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
CVE-2016-7803 | High | 8.8 | 2017-06-09 | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" funct… |
CVE-2016-4907 | High | 8.8 | 2017-06-09 | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
CVE-2016-1218 | High | 8.8 | 2017-04-20 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
CVE-2019-5931 | High | 8.7 | 2019-05-17 | Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. |
CVE-2022-30602 | High | 8.1 | 2022-07-11 | Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/… |
CVE-2022-29484 | High | 8.1 | 2022-07-04 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. |
CVE-2020-5580 | High | 8.1 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified ve… |
CVE-2018-0673 | High | 8.1 | 2018-11-15 | Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors. |
CVE-2016-1189 | High | 8.1 | 2016-06-25 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspe… |
CVE-2021-20758 | High | 8.0 | 2021-08-18 | Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication… |
CVE-2019-5991 | High | 7.6 | 2019-09-12 | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vector… |
CVE-2026-22888 | High | 7.5 | 2026-02-02 | Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking ac… |
CVE-2020-5584 | High | 7.5 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. |
CVE-2020-5567 | High | 7.5 | 2020-04-28 | Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. |
CVE-2018-16178 | High | 7.5 | 2019-01-09 | Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on fun… |