API Security Blog

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

- Improper handling of data in Mail (CWE-231)
  - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9
  - CVE-2024-31397
  - CyVDB-3167
- Improper restriction on the output of some API (CWE-201)
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
  - CVE-2024-31398
  - CyVDB-3221
- Excessive resource consumption in Mail (CWE-1050)
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Base Score 4.3
  - CVE-2024-31399
  - CyVDB-3238
- Cross-site scripting vulnerability in Scheduler (CWE-79)
  - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N Base Score 6.9
  - CVE-2024-31401
  - CyVDB-3439
- Improper restriction on some operation in Shared To-Dos (CWE-863)
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score 4.3
  - CVE-2024-31402
  - CyVDB-3441
- Information disclosure in Mail (CWE-201)
  - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Base Score 4.3
  - CVE-2024-31400
  - CyVDB-3402
- Improper restriction on browsing and operation in Memo (CWE-863)
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score 5.4
  - CVE-2024-31403
  - CyVDB-3151
- Browse restriction bypass in Scheduler (CWE-201)
  - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score 4.3
  - CVE-2024-31404
  - CyVDB-3471

## Impact

- A user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition (CVE-2024-31397)
- A user who can log in to the product may obtain information on the list of users (CVE-2024-31398)
- Processing a crafted mail may cause a…
