Vulnerabilities > Cybozu > Garoon > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-04 | CVE-2022-29484 | Unspecified vulnerability in Cybozu Garoon Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | 8.1 |
2017-04-20 | CVE-2016-1219 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 7.5 |
2015-10-12 | CVE-2015-5647 | Code Injection vulnerability in Cybozu Garoon The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | 8.5 |
2015-10-12 | CVE-2015-5646 | Code Injection vulnerability in Cybozu Garoon Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | 8.5 |
2015-10-08 | CVE-2015-5649 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. | 7.0 |
2014-07-20 | CVE-2014-1996 | Permissions, Privileges, and Access Controls vulnerability in Cybozu Garoon 3.7/3.7.0 Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | 7.5 |