Vulnerabilities > Cybozu

DATE CVE VULNERABILITY TITLE RISK
2017-06-09 CVE-2016-7802 Path Traversal vulnerability in Cybozu Garoon
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
network
low complexity
cybozu CWE-22
6.5
6.5
2017-06-09 CVE-2016-7801 Improper Access Control vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
network
low complexity
cybozu CWE-284
4.3
4.3
2017-06-09 CVE-2016-4910 Improper Access Control vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
network
low complexity
cybozu CWE-284
4.3
4.3
2017-06-09 CVE-2016-4909 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
network
low complexity
cybozu CWE-352
4.3
4.3
2017-06-09 CVE-2016-4908 Improper Access Control vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
network
low complexity
cybozu CWE-284
4.3
4.3
2017-06-09 CVE-2016-4907 Cross-Site Request Forgery (CSRF) vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
network
low complexity
cybozu CWE-352
8.8
8.8
2017-06-09 CVE-2016-4906 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
network
low complexity
cybozu CWE-79
6.1
6.1
2017-04-28 CVE-2017-2116 Unspecified vulnerability in Cybozu Office
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
network
low complexity
cybozu
4.3
4.3
2017-04-28 CVE-2017-2115 Incorrect Permission Assignment for Critical Resource vulnerability in Cybozu Office
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
network
low complexity
cybozu CWE-732
4.3
4.3
2017-04-28 CVE-2017-2114 Cross-site Scripting vulnerability in Cybozu Office
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4