GCVE - cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:garoon:4.2.4:*:*:*:*:*:*:*

part: a version: 4.2.4 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Garoon (`d176de44-7896-57c4-9c0a-d58b65def00b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2258`	vulnerable	2026-06-03 14:37:07.100866	Details available Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.178Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9846 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2257`	vulnerable	2026-06-03 14:37:07.100483	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.086Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9765 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2256`	vulnerable	2026-06-03 14:37:07.099475	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.058Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9744 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2255`	vulnerable	2026-06-03 14:37:07.098448	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:04.391Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9746 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2254`	vulnerable	2026-06-03 14:37:07.094780	Details available Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.059Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9751 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2146`	vulnerable	2026-06-03 14:37:06.756604	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:05.030Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9702 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2145`	vulnerable	2026-06-03 14:37:06.752306	Details available Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:03.543Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9695 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.