|
196641
|
7.5 |
HIGH
Network
|
cybozu
|
garoon
|
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
|
CWE-287
Improper Authentication
|
CVE-2020-5567
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196642
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
|
NVD-CWE-noinfo
|
CVE-2020-5566
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196643
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
|
CWE-20
Improper Input Validation
|
CVE-2020-5565
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196644
|
6.1 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5564
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196645
|
5.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
|
CWE-287
Improper Authentication
|
CVE-2020-5563
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196646
|
4.9 |
MEDIUM
Network
|
cybozu
|
garoon
|
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-5562
|
2024-11-21 14:34 |
2020-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196647
|
8.1 |
HIGH
Adjacent
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-5870
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196648
|
9.1 |
CRITICAL
Network
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.
|
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
|
CVE-2020-5869
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196649
|
9.8 |
CRITICAL
Network
|
f5
|
big-iq_centralized_management
|
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.
|
CWE-78
OS Command
|
CVE-2020-5868
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196650
|
8.1 |
HIGH
Network
|
f5
netapp
|
nginx_controller
cloud_backup
|
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
|
CWE-319
CWE-494
Cleartext Transmission of Sensitive Information
Download of Code Without Integrity Check
|
CVE-2020-5867
|
2024-11-21 14:34 |
2020-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
