GCVE - cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cybozu:garoon:3.5.3:*:*:*:*:*:*:*

part: a version: 3.5.3 update: *

Vendor	Cybozu (`6c3c6c19-80d3-5353-ad46-e08ec1369448`)
Product	Garoon (`d176de44-7896-57c4-9c0a-d58b65def00b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-2257`	vulnerable	2026-06-03 14:37:07.100223	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.086Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9765 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2256`	vulnerable	2026-06-03 14:37:07.099215	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.058Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9744 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2254`	vulnerable	2026-06-03 14:37:07.094507	Details available Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input Published: 2017-08-28T20:00:00.000Z Updated: 2024-08-05T13:48:05.059Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9751 https://jvn.jp/en/jp/JVN63564682/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2146`	vulnerable	2026-06-03 14:37:06.753166	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:05.030Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9702 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2144`	vulnerable	2026-06-03 14:37:06.746587	Details available Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. Published: 2017-07-07T13:00:00.000Z Updated: 2024-08-05T13:48:03.498Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9648 http://jvn.jp/en/jp/JVN43534286/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2095`	vulnerable	2026-06-03 14:37:06.611488	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.320Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9660 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2094`	vulnerable	2026-06-03 14:37:06.610475	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.317Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9655 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2093`	vulnerable	2026-06-03 14:37:06.609561	Details available Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.363Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN73182875/index.html https://support.cybozu.com/ja-jp/article/9647 http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2092`	vulnerable	2026-06-03 14:37:06.607941	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.334Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9555 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2091`	vulnerable	2026-06-03 14:37:06.598804	Details available Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Published: 2017-04-28T16:00:00.000Z Updated: 2024-08-05T13:39:32.243Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9570 http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7803`	vulnerable	2026-06-03 14:36:08.273726	Details available SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.031Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94974 https://jvn.jp/en/jp/JVN17980240/index.html https://support.cybozu.com/ja-jp/article/9447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7802`	vulnerable	2026-06-03 14:36:08.272845	Details available Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.075Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9561 https://jvn.jp/en/jp/JVN16200242/index.html http://www.securityfocus.com/bid/94967	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7801`	vulnerable	2026-06-03 14:36:08.264348	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T02:04:56.026Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html http://www.securityfocus.com/bid/94966 https://support.cybozu.com/ja-jp/article/9437	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4910`	vulnerable	2026-06-03 14:35:53.731581	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.235Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html https://support.cybozu.com/ja-jp/article/9461 http://www.securityfocus.com/bid/94966	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4909`	vulnerable	2026-06-03 14:35:53.730705	Details available Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.803Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94973 http://www.securityfocus.com/bid/97911 https://support.cybozu.com/ja-jp/article/9459 https://jvn.jp/en/jp/JVN15222211/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4908`	vulnerable	2026-06-03 14:35:53.729716	Details available Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.909Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN14631222/index.html http://www.securityfocus.com/bid/97912 http://www.securityfocus.com/bid/94966 https://support.cybozu.com/ja-jp/article/9399	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4907`	vulnerable	2026-06-03 14:35:53.728779	Details available Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.385Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/9441 http://www.securityfocus.com/bid/94965 https://jvn.jp/en/jp/JVN13218253/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-4906`	vulnerable	2026-06-03 14:35:53.720033	Details available Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. Published: 2017-06-09T16:00:00.000Z Updated: 2024-08-06T00:46:39.522Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/94969 https://support.cybozu.com/ja-jp/article/9511 https://jvn.jp/en/jp/JVN12281353/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1196`	vulnerable	2026-06-03 14:35:30.905740	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-05T22:48:13.483Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN33879831/index.html https://support.cybozu.com/ja-jp/article/8970 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000082	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1195`	vulnerable	2026-06-03 14:35:30.904839	Details available Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Published: 2016-06-19T15:00:00.000Z Updated: 2024-08-05T22:48:13.488Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8987 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000081 http://jvn.jp/en/jp/JVN32218514/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1191`	vulnerable	2026-06-03 14:35:30.902502	Details available Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-05T22:48:13.542Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2016-000078 http://jvn.jp/en/jp/JVN14749391/index.html https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1190`	vulnerable	2026-06-03 14:35:30.895424	Details available Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.496Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8877 http://jvn.jp/en/jp/JVN18975349/index.html https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1189`	vulnerable	2026-06-03 14:35:30.894637	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.489Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN18975349/index.html https://support.cybozu.com/ja-jp/article/9020 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000093 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-1188`	vulnerable	2026-06-03 14:35:30.887263	Details available Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. Published: 2016-06-25T21:00:00.000Z Updated: 2024-08-05T22:48:13.490Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN18975349/index.html https://support.cybozu.com/ja-jp/article/8845 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000077 https://garoon.cybozu.co.jp/support/update/package/421sp1.html#03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7776`	vulnerable	2026-06-03 14:35:09.904398	Details available Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. Published: 2016-06-19T20:00:00.000Z Updated: 2024-08-06T07:58:59.965Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN53542912/index.html https://support.cybozu.com/ja-jp/article/8897 https://support.cybozu.com/ja-jp/article/8757 http://jvndb.jvn.jp/jvndb/JVNDB-2016-000085 https://support.cybozu.com/ja-jp/article/8982	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5649`	vulnerable	2026-06-03 14:35:00.354559	Details available Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. Published: 2015-10-08T20:00:00.000Z Updated: 2024-08-06T06:59:03.498Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN38369032/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000152 https://support.cybozu.com/ja-jp/article/9176	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5647`	vulnerable	2026-06-03 14:35:00.350390	Details available The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. Published: 2015-10-12T10:00:00.000Z Updated: 2024-08-06T06:59:04.038Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151 https://support.cybozu.com/ja-jp/article/8810 http://jvn.jp/en/jp/JVN21025396/index.html http://jvn.jp/en/jp/JVN21025396/374951/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-5646`	vulnerable	2026-06-03 14:35:00.343043	Details available Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. Published: 2015-10-12T10:00:00.000Z Updated: 2024-08-06T06:59:04.338Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/8811 http://jvndb.jvn.jp/jvndb/JVNDB-2015-000151 http://jvn.jp/en/jp/JVN21025396/index.html http://jvn.jp/en/jp/JVN21025396/374951/index.html https://support.cybozu.com/ja-jp/article/8809	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1995`	vulnerable	2026-06-03 14:33:49.249803	Details available Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-07-20T10:00:00.000Z Updated: 2024-08-06T09:58:16.229Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/gr20140714up02.php http://jvndb.jvn.jp/jvndb/JVNDB-2014-000075 http://jvn.jp/en/jp/JVN97558950/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1994`	vulnerable	2026-06-03 14:33:49.248861	Details available Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-07-20T10:00:00.000Z Updated: 2024-08-06T09:58:16.058Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN80583739/index.html http://cs.cybozu.co.jp/information/gr20140714up04.php http://jvndb.jvn.jp/jvndb/JVNDB-2014-000076	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1993`	vulnerable	2026-06-03 14:33:49.247987	Details available The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Published: 2014-07-20T10:00:00.000Z Updated: 2024-08-06T09:58:16.112Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/gr20140714up04.php http://jvndb.jvn.jp/jvndb/JVNDB-2014-000077 http://jvn.jp/en/jp/JVN75990997/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1992`	vulnerable	2026-06-03 14:33:49.247117	Details available Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: 2014-07-20T10:00:00.000Z Updated: 2024-08-06T09:58:16.143Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/gr20140714up05.php http://jvndb.jvn.jp/jvndb/JVNDB-2014-000078 http://jvn.jp/en/jp/JVN94838679/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1989`	vulnerable	2026-06-03 14:33:49.238715	Details available Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. Published: 2014-05-02T10:00:00.000Z Updated: 2024-08-06T09:58:15.787Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja/article/5264 http://jvn.jp/en/jp/JVN31230946/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1988`	vulnerable	2026-06-03 14:33:49.234977	Details available The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. Published: 2014-05-02T10:00:00.000Z Updated: 2024-08-06T09:58:15.935Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042 https://support.cybozu.com/ja-jp/article/8105 http://jvn.jp/en/jp/JVN90519014/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1987`	vulnerable	2026-06-03 14:33:49.224378	Details available The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. Published: 2014-07-20T10:00:00.000Z Updated: 2024-08-06T09:58:16.048Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2014-000073 http://cs.cybozu.co.jp/information/gr20140421news01.php http://jvn.jp/en/jp/JVN42024228/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0821`	vulnerable	2026-06-03 14:33:39.833404	Details available SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. Published: 2014-02-27T01:00:00.000Z Updated: 2024-08-06T09:27:20.220Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN71045461/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024 https://support.cybozu.com/ja-jp/article/7993 http://www.securityfocus.com/bid/65809 http://cs.cybozu.co.jp/information/gr20140225up04.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0820`	vulnerable	2026-06-03 14:33:39.831982	Details available Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors. Published: 2014-02-27T01:00:00.000Z Updated: 2024-08-06T09:27:20.409Z Open on db.gcve.eu Reference links http://jvn.jp/en/jp/JVN26393529/index.html http://cs.cybozu.co.jp/information/gr20140225up05.php http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023 https://support.cybozu.com/ja-jp/article/7994 http://www.securityfocus.com/bid/65815	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-0817`	vulnerable	2026-06-03 14:33:39.822090	Details available Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. Published: 2014-02-27T01:00:00.000Z Updated: 2024-08-06T09:27:20.176Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/gr20140225up03.php https://support.cybozu.com/ja-jp/article/7992 http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021 http://jvn.jp/en/jp/JVN24035499/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6930`	vulnerable	2026-06-03 14:33:33.006337	Details available SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. Published: 2014-01-29T02:00:00.000Z Updated: 2024-08-06T17:53:44.921Z Open on db.gcve.eu Reference links http://jvndb.jvn.jp/jvndb/JVNDB-2014-000010 http://cs.cybozu.co.jp/information/20140127up02.php http://jvn.jp/en/jp/JVN91153528/index.html http://jvn.jp/en/jp/JVN91153528/374951/index.html https://support.cybozu.com/ja-jp/article/7886	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6006`	vulnerable	2026-06-03 14:33:24.659808	Details available Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Published: 2013-12-28T02:00:00.000Z Updated: 2024-08-06T17:29:42.607Z Open on db.gcve.eu Reference links https://support.cybozu.com/ja-jp/article/7893 http://jvndb.jvn.jp/jvndb/JVNDB-2013-000125 http://jvn.jp/en/jp/JVN81706478/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-0702`	vulnerable	2026-06-03 14:32:45.057669	Details available Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2013-02-14T11:00:00.000Z Updated: 2024-09-17T00:06:20.113Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/20130125up01.php http://jvn.jp/en/jp/JVN95863326/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2013-000008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-0701`	vulnerable	2026-06-03 14:32:45.051195	Details available SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. Published: 2013-02-14T11:00:00.000Z Updated: 2024-09-17T03:43:17.825Z Open on db.gcve.eu Reference links http://cs.cybozu.co.jp/information/20130125up02.php http://jvndb.jvn.jp/jvndb/JVNDB-2013-000007 http://jvn.jp/en/jp/JVN07629635/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cybozu Garoon 3.5.3

PURL mappings

Vulnerability references

Contribute