Refine your search
200 vulnerabilities found for by Cybozu, Inc.
CVE-2026-22888 (GCVE-0-2026-22888)
Vulnerability from cvelistv5
Published
2026-02-02 06:37
Modified
2026-02-02 16:28
Severity ?
4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-231 - Improper handling of extra values
Summary
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 6.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T15:13:27.952765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:28:09.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-231",
"description": "Improper handling of extra values",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T06:37:33.802Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/article/39083/"
},
{
"url": "https://jvn.jp/en/jp/JVN35265756/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-22888",
"datePublished": "2026-02-02T06:37:33.802Z",
"dateReserved": "2026-01-27T00:34:57.984Z",
"dateUpdated": "2026-02-02T16:28:09.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22881 (GCVE-0-2026-22881)
Vulnerability from cvelistv5
Published
2026-02-02 06:37
Modified
2026-02-02 16:28
Severity ?
5.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
6.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.15.0 to 6.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T15:13:50.929520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:28:15.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.15.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T06:37:17.621Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/article/39084/"
},
{
"url": "https://jvn.jp/en/jp/JVN35265756/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-22881",
"datePublished": "2026-02-02T06:37:17.621Z",
"dateReserved": "2026-01-27T00:34:57.021Z",
"dateUpdated": "2026-02-02T16:28:15.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20711 (GCVE-0-2026-20711)
Vulnerability from cvelistv5
Published
2026-02-02 06:37
Modified
2026-02-02 16:28
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 6.0.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T16:05:10.499383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:28:24.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 6.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users\u2019 passwords."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T06:37:05.017Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/article/39081/"
},
{
"url": "https://jvn.jp/en/jp/JVN35265756/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-20711",
"datePublished": "2026-02-02T06:37:05.017Z",
"dateReserved": "2026-01-27T00:30:57.072Z",
"dateUpdated": "2026-02-02T16:28:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39817 (GCVE-0-2024-39817)
Vulnerability from cvelistv5
Published
2024-08-06 04:54
Modified
2025-03-18 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:43:38.523183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T20:49:27.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting \u0027search\u0027 under certain conditions in Custom App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:50.932Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN29845579/"
},
{
"url": "https://kb.cybozu.support/?product=office\u0026v=\u0026fv=10.8.7\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026s="
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39817",
"datePublished": "2024-08-06T04:54:50.932Z",
"dateReserved": "2024-07-26T04:55:12.517Z",
"dateUpdated": "2025-03-18T20:49:27.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39457 (GCVE-0-2024-39457)
Vulnerability from cvelistv5
Published
2024-07-19 08:36
Modified
2025-03-19 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 6.0.0 to 6.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:47:27.038484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T20:42:34.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "6.0.0 to 6.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user\u2019s web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:36:27.786Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://kb.cybozu.support/?product=garoon\u0026v=\u0026fv=6.0.2\u0026t=%E8%84%86%E5%BC%B1%E6%80%A7\u0026f=\u0026r=\u0026b=\u0026s=\u0026posts_per_page=20"
},
{
"url": "https://jvn.jp/en/jp/JVN74825766/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39457",
"datePublished": "2024-07-19T08:36:27.786Z",
"dateReserved": "2024-06-25T06:24:51.487Z",
"dateUpdated": "2025-03-19T20:42:34.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31397 (GCVE-0-2024-31397)
Vulnerability from cvelistv5
Published
2024-06-11 05:34
Modified
2024-08-02 01:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Handling of Extra Values
Summary
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:30:54.740623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-231",
"description": "CWE-231 Improper Handling of Extra Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:31:56.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Handling of Extra Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:34:39.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31397",
"datePublished": "2024-06-11T05:34:39.924Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31399 (GCVE-0-2024-31399)
Vulnerability from cvelistv5
Published
2024-06-11 05:34
Modified
2025-03-20 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Excessive Platform Resource Consumption within a Loop
Summary
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:21:30.661944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:56:16.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:34:34.564Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31399",
"datePublished": "2024-06-11T05:34:34.564Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2025-03-20T18:56:16.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31402 (GCVE-0-2024-31402)
Vulnerability from cvelistv5
Published
2024-06-11 05:21
Modified
2025-03-28 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T19:58:25.261394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T20:36:36.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:21:04.938Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31402",
"datePublished": "2024-06-11T05:21:04.938Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2025-03-28T20:36:36.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31398 (GCVE-0-2024-31398)
Vulnerability from cvelistv5
Published
2024-06-11 05:20
Modified
2025-03-13 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:54:10.200588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:17:16.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T05:20:51.967Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31398",
"datePublished": "2024-06-11T05:20:51.967Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2025-03-13T13:17:16.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31404 (GCVE-0-2024-31404)
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-11-21 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.5.0 to 6.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:03.808702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:00:13.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.5.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:07.608Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31404",
"datePublished": "2024-06-11T04:27:07.608Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-11-21T19:00:13.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31403 (GCVE-0-2024-31403)
Vulnerability from cvelistv5
Published
2024-06-11 04:27
Modified
2024-08-02 01:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization
Summary
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 6.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "6.0.0",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T13:43:35.558730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T13:49:23.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 6.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:27:01.971Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31403",
"datePublished": "2024-06-11T04:27:01.971Z",
"dateReserved": "2024-04-03T09:14:19.135Z",
"dateUpdated": "2024-08-02T01:52:56.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31401 (GCVE-0-2024-31401)
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-08-02 01:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cybozu:garoon:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "garoon",
"vendor": "cybozu",
"versions": [
{
"lessThanOrEqual": "5.12.2",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:53:11.132057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:53:43.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:53.806Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31401",
"datePublished": "2024-06-11T04:26:53.806Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-08-02T01:52:56.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31400 (GCVE-0-2024-31400)
Vulnerability from cvelistv5
Published
2024-06-11 04:26
Modified
2024-11-08 21:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insertion of Sensitive Information Into Sent Data
Summary
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.0.0 to 5.15.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-31400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T15:46:12.890944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T21:24:53.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.0.0 to 5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T04:26:31.583Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/007901.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28869536/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-31400",
"datePublished": "2024-06-11T04:26:31.583Z",
"dateReserved": "2024-04-03T09:14:19.134Z",
"dateUpdated": "2024-11-08T21:24:53.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23304 (GCVE-0-2024-23304)
Vulnerability from cvelistv5
Published
2024-02-06 04:19
Modified
2025-06-04 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI for Android |
Version: 3.0.20 to 3.0.21 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2024/010691.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN18743512/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T20:06:33.180788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T15:17:58.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu KUNAI for Android",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.0.20 to 3.0.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T04:19:49.092Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2024/010691.html"
},
{
"url": "https://jvn.jp/en/jp/JVN18743512/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23304",
"datePublished": "2024-02-06T04:19:49.092Z",
"dateReserved": "2024-01-15T06:00:33.373Z",
"dateUpdated": "2025-06-04T15:17:58.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46278 (GCVE-0-2023-46278)
Vulnerability from cvelistv5
Published
2023-10-31 23:01
Modified
2024-09-05 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Uncontrolled Resource Consumption
Summary
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Remote Service |
Version: 4.1.0 to 4.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/010657.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN94132951/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T19:46:13.224011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T19:48:06.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Remote Service",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.1.0 to 4.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T23:01:20.135Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/010657.html"
},
{
"url": "https://jvn.jp/en/jp/JVN94132951/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-46278",
"datePublished": "2023-10-31T23:01:20.135Z",
"dateReserved": "2023-10-20T05:37:36.463Z",
"dateUpdated": "2024-09-05T19:48:06.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26838 (GCVE-0-2022-26838)
Vulnerability from cvelistv5
Published
2023-08-03 13:16
Modified
2024-10-17 14:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Path traversal
Summary
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Remote Service |
Version: 3.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN52694228/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cybozu.support/article/37653/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:13:52.450913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:14:01.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Remote Service",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T13:16:16.712Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN52694228/"
},
{
"url": "https://kb.cybozu.support/article/37653/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26838",
"datePublished": "2023-08-03T13:16:16.712Z",
"dateReserved": "2022-04-04T08:48:57.871Z",
"dateUpdated": "2024-10-17T14:14:01.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27304 (GCVE-0-2023-27304)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-17 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper authorization
Summary
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.6.0 to 5.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T18:00:39.679866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T18:02:06.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.6.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27304",
"datePublished": "2023-05-23T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-17T18:02:06.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27384 (GCVE-0-2023-27384)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-17 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper access control
Summary
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:57:24.943357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:59:12.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "5.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27384",
"datePublished": "2023-05-23T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-17T17:59:12.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26595 (GCVE-0-2023-26595)
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2025-01-28 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial-of-service (DoS)
Summary
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Garoon |
Version: 4.10.0 to 5.9.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T18:53:37.691469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T18:56:21.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Garoon",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.10.0 to 5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-26595",
"datePublished": "2023-05-23T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T18:56:21.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-44608 (GCVE-0-2022-44608)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-23 13:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Uncontrolled Resource Consumption
Summary
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Remote Service |
Version: 4.0.0 to 4.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007754.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87895771/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:56:09.797991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T13:56:53.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Remote Service",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "4.0.0 to 4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://cs.cybozu.co.jp/2022/007754.html"
},
{
"url": "https://jvn.jp/en/jp/JVN87895771/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-44608",
"datePublished": "2022-12-07T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-23T13:56:53.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33311 (GCVE-0-2022-33311)
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:48.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33311",
"datePublished": "2022-08-18T07:14:48.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:01:20.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33151 (GCVE-0-2022-33151)
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:01:20.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:24.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33151",
"datePublished": "2022-08-18T07:14:25.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:01:20.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32583 (GCVE-0-2022-32583)
Vulnerability from cvelistv5
Published
2022-08-18 07:14
Modified
2024-08-03 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:43.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:14:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32583",
"datePublished": "2022-08-18T07:14:00.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:46:43.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32544 (GCVE-0-2022-32544)
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Authorization
Summary
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:44.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:13:36.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32544",
"datePublished": "2022-08-18T07:13:37.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:46:44.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32453 (GCVE-0-2022-32453)
Vulnerability from cvelistv5
Published
2022-08-18 07:13
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- HTTP header injection
Summary
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:13:13.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32453",
"datePublished": "2022-08-18T07:13:13.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:39:51.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32283 (GCVE-0-2022-32283)
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:44.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32283",
"datePublished": "2022-08-18T07:12:44.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:39:50.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30693 (GCVE-0-2022-30693)
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Exposure of Sensitive Information to an Unauthorized Actor
Summary
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:25.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30693",
"datePublished": "2022-08-18T07:12:25.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:13.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30604 (GCVE-0-2022-30604)
Vulnerability from cvelistv5
Published
2022-08-18 07:12
Modified
2024-08-03 06:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:12.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:12:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30604",
"datePublished": "2022-08-18T07:12:01.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:56:12.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29891 (GCVE-0-2022-29891)
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control
Summary
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:11:37.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29891",
"datePublished": "2022-08-18T07:11:37.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:33:43.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29487 (GCVE-0-2022-29487)
Vulnerability from cvelistv5
Published
2022-08-18 07:11
Modified
2024-08-03 06:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cybozu, Inc. | Cybozu Office |
Version: 10.0.0 to 10.8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cybozu Office",
"vendor": "Cybozu, Inc.",
"versions": [
{
"status": "affected",
"version": "10.0.0 to 10.8.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-18T07:11:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cybozu Office",
"version": {
"version_data": [
{
"version_value": "10.0.0 to 10.8.5"
}
]
}
}
]
},
"vendor_name": "Cybozu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2022/007584.html",
"refsource": "MISC",
"url": "https://cs.cybozu.co.jp/2022/007584.html"
},
{
"name": "https://jvn.jp/en/jp/JVN20573662/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN20573662/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29487",
"datePublished": "2022-08-18T07:11:14.000Z",
"dateReserved": "2022-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:26:06.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}