Vulnerabilities > Cybozu

DATE CVE VULNERABILITY TITLE RISK
2019-05-17 CVE-2019-5931 Improper Input Validation vulnerability in Cybozu Garoon
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
network
low complexity
cybozu CWE-20
5.5
2019-05-17 CVE-2019-5930 Unspecified vulnerability in Cybozu Garoon
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
network
low complexity
cybozu
4.0
2019-05-17 CVE-2019-5929 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
network
cybozu CWE-79
4.3
2019-05-17 CVE-2019-5928 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
network
cybozu CWE-79
4.3
2019-01-09 CVE-2018-16178 Unspecified vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
network
low complexity
cybozu
5.0
2019-01-09 CVE-2018-16172 Improper Restriction of Rendered UI Layers or Frames vulnerability in Cybozu Remote Service Manager
Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate.
network
cybozu CWE-1021
5.8
2019-01-09 CVE-2018-16171 Path Traversal vulnerability in Cybozu Remote Service Manager
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors.
6.8
2019-01-09 CVE-2018-16170 Path Traversal vulnerability in Cybozu Remote Service Manager
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 for Windows allows remote authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
cybozu microsoft CWE-22
6.5
2019-01-09 CVE-2018-16169 Unrestricted Upload of File with Dangerous Type vulnerability in Cybozu Remote Service Manager 3.0.0/3.0.1/3.1.0
Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Java code file on the server via unspecified vectors.
network
low complexity
cybozu CWE-434
6.5
2019-01-09 CVE-2018-0705 Path Traversal vulnerability in Cybozu Dezie
Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allows remote attackers to read arbitrary files via HTTP requests.
network
low complexity
cybozu CWE-22
7.5