Refine your search
3 vulnerabilities found for Empirical Project Monitor - eXtended by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
jvndb-2017-000098
Vulnerability from jvndb
Published
2017-05-19 14:57
Modified
2017-11-27 18:01
Severity ?
Summary
The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
Details
The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:57+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000098",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12493656/index.html",
"@id": "JVN#12493656",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2175",
"@id": "CVE-2017-2175",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2175",
"@id": "CVE-2017-2175",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries"
}
jvndb-2017-000097
Vulnerability from jvndb
Published
2017-05-19 14:55
Modified
2017-11-27 18:01
Severity ?
Summary
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Details
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#85512750.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:55+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#85512750.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000097",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11326581/index.html",
"@id": "JVN#11326581",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2174",
"@id": "CVE-2017-2174",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2174",
"@id": "CVE-2017-2174",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
}
jvndb-2017-000096
Vulnerability from jvndb
Published
2017-05-19 14:53
Modified
2017-11-27 18:01
Severity ?
Summary
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Details
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#11326581.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:53+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nNote that this vulnerability is different from JVN#11326581.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000096",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85512750/index.html",
"@id": "JVN#85512750",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2173",
"@id": "CVE-2017-2173",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2173",
"@id": "CVE-2017-2173",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
}