Vulnerabilities > Cybozu > Garoon > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-16 | CVE-2018-0533 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. | 4.9 |
| 2018-04-16 | CVE-2018-0532 | Cross-site Scripting vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | 2.7 |
| 2018-04-16 | CVE-2018-0531 | Unspecified vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. | 4.3 |
| 2018-04-16 | CVE-2018-0530 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
| 2017-07-07 | CVE-2017-2145 | Session Fixation vulnerability in Cybozu Garoon Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | 5.4 |
| 2017-06-09 | CVE-2016-7803 | SQL Injection vulnerability in Cybozu Garoon SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | 8.8 |
| 2017-06-09 | CVE-2016-7802 | Path Traversal vulnerability in Cybozu Garoon Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 6.5 |
| 2017-06-09 | CVE-2016-7801 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4910 | Improper Access Control vulnerability in Cybozu Garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 4.3 |
| 2017-06-09 | CVE-2016-4909 | Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 4.3 |