GCVE - cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:garoon:4.0.0:*:*:*:*:*:*:*

part: a version: 4.0.0 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Garoon (`d176de44-7896-57c4-9c0a-d58b65def00b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2145`	vulnerable	2026-06-03 14:37:06.749504	Details available Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:03.543Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9695 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2095`	vulnerable	2026-06-03 14:37:06.611704	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.320Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9660 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2094`	vulnerable	2026-06-03 14:37:06.610618	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.317Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9655 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2093`	vulnerable	2026-06-03 14:37:06.609709	Details available Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.363Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN73182875/index.html https://support.cybozu.com/ja-jp/article/9647 http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2092`	vulnerable	2026-06-03 14:37:06.608092	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.334Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9555 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2091`	vulnerable	2026-06-03 14:37:06.603469	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.243Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9570 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7803`	vulnerable	2026-06-03 14:36:08.273872	Details available SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.031Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94974 https://jvn.jp/en/jp/JVN17980240/index.html https://support.cybozu.com/ja-jp/article/9447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7802`	vulnerable	2026-06-03 14:36:08.272989	Details available Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.075Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9561 https://jvn.jp/en/jp/JVN16200242/index.html http://www.securityfocus.com/bid/94967	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7801`	vulnerable	2026-06-03 14:36:08.268988	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.026Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html http://www.securityfocus.com/bid/94966 https://support.cybozu.com/ja-jp/article/9437	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4910`	vulnerable	2026-06-03 14:35:53.731726	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.235Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9461 http://www.securityfocus.com/bid/94966	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4909`	vulnerable	2026-06-03 14:35:53.730858	Details available Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.803Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94973 http://www.securityfocus.com/bid/97911 https://support.cybozu.com/ja-jp/article/9459 https://jvn.jp/en/jp/JVN15222211/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4908`	vulnerable	2026-06-03 14:35:53.729860	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.909Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html http://www.securityfocus.com/bid/97912 http://www.securityfocus.com/bid/94966 https://support.cybozu.com/ja-jp/article/9399	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4907`	vulnerable	2026-06-03 14:35:53.728929	Details available Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.385Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9441 http://www.securityfocus.com/bid/94965 https://jvn.jp/en/jp/JVN13218253/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4906`	vulnerable	2026-06-03 14:35:53.724798	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.522Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94969 https://support.cybozu.com/ja-jp/article/9511 https://jvn.jp/en/jp/JVN12281353/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1197`	vulnerable	2026-06-03 14:35:30.906279	Details available Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. Published: 2016-06-19T15:00:00.000Z Updated: 2024-08-05T22:48:13.539Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN37121456/index.html https://support.cybozu.com/ja-jp/article/9303 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000083	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1196`	vulnerable	2026-06-03 14:35:30.905887	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-05T22:48:13.483Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN33879831/index.html https://support.cybozu.com/ja-jp/article/8970 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1195`	vulnerable	2026-06-03 14:35:30.904988	Details available Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: 2016-06-19T15:00:00.000Z Updated: 2024-08-05T22:48:13.488Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8987 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081 http://jvn.jp/en/jp/JVN32218514/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1193`	vulnerable	2026-06-03 14:35:30.903832	Details available Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.499Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN25765762/index.html https://support.cybozu.com/ja-jp/article/8919 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000079	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1192`	vulnerable	2026-06-03 14:35:30.903282	Details available Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-05T22:48:13.555Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN14749391/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000095 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1191`	vulnerable	2026-06-03 14:35:30.902659	Details available Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-05T22:48:13.542Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078 http://jvn.jp/en/jp/JVN14749391/index.html https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1190`	vulnerable	2026-06-03 14:35:30.895570	Details available Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.496Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8877 http://jvn.jp/en/jp/JVN18975349/index.html https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1189`	vulnerable	2026-06-03 14:35:30.894789	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.489Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN18975349/index.html https://support.cybozu.com/ja-jp/article/9020 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1188`	vulnerable	2026-06-03 14:35:30.891980	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.490Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN18975349/index.html https://support.cybozu.com/ja-jp/article/8845 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7776`	vulnerable	2026-06-03 14:35:09.908857	Details available Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-06T07:58:59.965Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN53542912/index.html https://support.cybozu.com/ja-jp/article/8897 https://support.cybozu.com/ja-jp/article/8757 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085 https://support.cybozu.com/ja-jp/article/8982	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5649`	vulnerable	2026-06-03 14:35:00.357932	Details available Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. Published: 2015-10-08T20:00:00.000Z Updated: 2024-08-06T06:59:03.498Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN38369032/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152 https://support.cybozu.com/ja-jp/article/9176	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5647`	vulnerable	2026-06-03 14:35:00.350647	Details available The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. Published: 2015-10-12T10:00:00.000Z Updated: 2024-08-06T06:59:04.038Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151 https://support.cybozu.com/ja-jp/article/8810 http://jvn.jp/en/jp/JVN21025396/index.html http://jvn.jp/en/jp/JVN21025396/374951/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5646`	vulnerable	2026-06-03 14:35:00.348079	Details available Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. Published: 2015-10-12T10:00:00.000Z Updated: 2024-08-06T06:59:04.338Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8811 http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151 http://jvn.jp/en/jp/JVN21025396/index.html http://jvn.jp/en/jp/JVN21025396/374951/index.html https://support.cybozu.com/ja-jp/article/8809	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cybozu Garoon 4.0.0

PURL mappings

Vulnerability references

Contribute