CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2094
https://notcve.org/view.php?id=CVE-2017-2094
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado sortear la restricción de acceso en Workflow y la función "MultiRepor" para alterar o borrar información a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9655 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2091
https://notcve.org/view.php?id=CVE-2017-2091
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permiten a un atacante remoto autenticado sortear la restricción de acceso en la función Phone Messages para alterar el estado de los mensajes del teléfono a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9570 •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2093
https://notcve.org/view.php?id=CVE-2017-2093
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto obtener tokens utilizados por la protección CSRF a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9647 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2092
https://notcve.org/view.php?id=CVE-2017-2092
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de cross-site scripting en Cybozu Garoon 3.0.0 hasta 4.2.3 permite a un atacante remoto autenticado inyectar script web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9555 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-2095
https://notcve.org/view.php?id=CVE-2017-2095
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. Cybozu Garoon 3.0.0 hasta 4.2.3 permiten a un atacante remoto autenticado sortear la restricción de acceso en la función mail, consiguiendo una alteración del orden de las carpetas de correo a través de vectores no especificados. • http://jvn.jp/en/jp/JVN73182875/index.html http://www.securityfocus.com/bid/96429 https://support.cybozu.com/ja-jp/article/9660 •