GCVE - cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:office:9.9.0:*:*:*:*:*:*:*

part: a version: 9.9.0 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Office (`3e47509a-1a03-5002-929e-9c2c66c074a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-4874`	vulnerable	2026-06-03 14:35:53.648569	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.544Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000193.html https://support.cybozu.com/ja-jp/article/9434 http://jvn.jp/en/jp/JVN11288252/index.html http://www.securityfocus.com/bid/97719	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4873`	vulnerable	2026-06-03 14:35:53.647933	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.532Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9442 http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000189.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4872`	vulnerable	2026-06-03 14:35:53.647275	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9424 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000188.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4871`	vulnerable	2026-06-03 14:35:53.646559	Details available Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.435Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97716 https://support.cybozu.com/ja-jp/article/9426 http://jvn.jp/en/jp/JVN10092452/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000192.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4870`	vulnerable	2026-06-03 14:35:53.645921	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:39.227Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9427 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000186.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4869`	vulnerable	2026-06-03 14:35:53.645272	Details available Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.556Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/97715 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000191.html http://jvn.jp/en/jp/JVN09736331/index.html https://support.cybozu.com/ja-jp/article/9428	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4868`	vulnerable	2026-06-03 14:35:53.644600	Details available Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.547Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9433 http://www.securityfocus.com/bid/97713 http://jvn.jp/en/jp/JVN08736331/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000190.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4867`	vulnerable	2026-06-03 14:35:53.643837	Details available Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.555Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000187.html http://www.securityfocus.com/bid/93461 http://jvn.jp/en/jp/JVN07148816/index.html https://support.cybozu.com/ja-jp/article/9429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4866`	vulnerable	2026-06-03 14:35:53.643145	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.521Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000185.html http://www.securityfocus.com/bid/93281 https://support.cybozu.com/ja-jp/article/9431 http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4865`	vulnerable	2026-06-03 14:35:53.638204	Details available Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. Published: 2017-04-17T15:00:00.000Z Updated: 2024-08-06T00:46:38.546Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9430 http://www.securityfocus.com/bid/93281 http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000184.html http://jvn.jp/en/jp/JVN06726266/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1153`	vulnerable	2026-06-03 14:35:30.761322	Details available customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.372Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 http://jvn.jp/en/jp/JVN20246313/index.html https://cs.cybozu.co.jp/2016/006108.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1152`	vulnerable	2026-06-03 14:35:30.760889	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.336Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html https://cs.cybozu.co.jp/2015/006076.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1151`	vulnerable	2026-06-03 14:35:30.760426	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.498Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000024 https://cs.cybozu.co.jp/2016/006111.html http://jvn.jp/en/jp/JVN64209269/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1150`	vulnerable	2026-06-03 14:35:30.759940	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:13.005Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1149`	vulnerable	2026-06-03 14:35:30.755765	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-05T22:48:12.977Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8489`	vulnerable	2026-06-03 14:35:12.077665	Details available customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.463Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000020 http://jvn.jp/en/jp/JVN20246313/index.html https://cs.cybozu.co.jp/2015/006073.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8487`	vulnerable	2026-06-03 14:35:12.076910	Details available Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.428Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN47296923/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000022 https://cs.cybozu.co.jp/2015/006071.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8486`	vulnerable	2026-06-03 14:35:12.076313	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.523Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html https://cs.cybozu.co.jp/2015/006074.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8485`	vulnerable	2026-06-03 14:35:12.075860	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.516Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 https://cs.cybozu.co.jp/2015/006077.html http://jvn.jp/en/jp/JVN48720230/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8484`	vulnerable	2026-06-03 14:35:12.075392	Details available Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:41.753Z Open on db.gcve.eu Reference links https://cs.cybozu.co.jp/2016/006110.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000023 http://jvn.jp/en/jp/JVN48720230/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8483`	vulnerable	2026-06-03 14:35:12.074909	Details available Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T08:20:42.424Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN71428831/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000025 https://cs.cybozu.co.jp/2015/006088.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7798`	vulnerable	2026-06-03 14:35:09.950032	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.914Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7797`	vulnerable	2026-06-03 14:35:09.949373	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.893Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7796`	vulnerable	2026-06-03 14:35:09.948706	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:59:00.384Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7795`	vulnerable	2026-06-03 14:35:09.944553	Details available Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. Published: 2016-02-17T02:00:00.000Z Updated: 2024-08-06T07:58:59.980Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000026 https://cs.cybozu.co.jp/2015/006072.html https://cs.cybozu.co.jp/2015/006087.html https://cs.cybozu.co.jp/2016/006107.html http://jvn.jp/en/jp/JVN69278491/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cybozu Office 9.9.0

PURL mappings

Vulnerability references

Contribute