Version 5.0.0 to 5.15.2

CVE-2024-31397

Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

MEDIUM CVSS 4.9 Published Jun 11, 2024

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

MEDIUM CVSS 5.3 Published Jun 11, 2024

CVE-2024-31402

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

UNKNOWN CVSS 4.3 Published Jun 11, 2024

CVE-2024-31398

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

UNKNOWN CVSS 4.3 Published Jun 11, 2024

CVE-2024-31401

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

CRITICAL CVSS 9.0 Published Jun 11, 2024