Refine your search

3 vulnerabilities found for FileZen by Soliton Systems K.K.

jvndb-2021-000015
Vulnerability from jvndb
Published
2021-02-16 15:07
Modified
2021-03-05 17:31
Severity ?
9.1 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
FileZen vulnerable to OS command injection
Details
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability (CWE-78). Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000015.html",
  "dc:date": "2021-03-05T17:31+09:00",
  "dcterms:issued": "2021-02-16T15:07+09:00",
  "dcterms:modified": "2021-03-05T17:31+09:00",
  "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains an OS command injection vulnerability (CWE-78).\r\n\r\nSoliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000015.html",
  "sec:cpe": {
    "#text": "cpe:/a:soliton:filezen",
    "@product": "FileZen",
    "@vendor": "Soliton Systems K.K.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "9.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.1",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000015",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN58774946/index.html",
      "@id": "JVN#58774946",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20655",
      "@id": "CVE-2021-20655",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20655",
      "@id": "CVE-2021-20655",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20210216-jvn.html",
      "@id": "Regarding OS Command Injection vulnerability in FileZen (JVN#58774946)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2021/at210009.html",
      "@id": "Alert Regarding Vulnerability (CVE-2021-20655) in FileZen",
      "@source": "JPCERT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "FileZen vulnerable to OS command injection"
}

jvndb-2020-000082
Vulnerability from jvndb
Published
2020-12-10 15:21
Modified
2020-12-10 15:21
Severity ?
7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
FileZen vulnerable to directory traversal
Details
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability (CWE-22). Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000082.html",
  "dc:date": "2020-12-10T15:21+09:00",
  "dcterms:issued": "2020-12-10T15:21+09:00",
  "dcterms:modified": "2020-12-10T15:21+09:00",
  "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains a directory traversal vulnerability (CWE-22).\r\n\r\nSoliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000082.html",
  "sec:cpe": {
    "#text": "cpe:/a:soliton:filezen",
    "@product": "FileZen",
    "@vendor": "Soliton Systems K.K.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000082",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN12884935/index.html",
      "@id": "JVN#12884935",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5639",
      "@id": "CVE-2020-5639",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5639",
      "@id": "CVE-2020-5639",
      "@source": "NVD"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2020/at200044.html",
      "@id": "Alert Regarding File Data Transfer Appliance FileZen",
      "@source": "JPCERT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "FileZen vulnerable to directory traversal"
}

jvndb-2018-000104
Vulnerability from jvndb
Published
2018-10-15 15:26
Modified
2019-07-26 17:00
Severity ?
10.0 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple vulnerabilities in FileZen
Details
FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. * Directory traversal (CWE-22) - CVE-2018-0693 * OS command injection (CWE-78) - CVE-2018-0694 Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000104.html",
  "dc:date": "2019-07-26T17:00+09:00",
  "dcterms:issued": "2018-10-15T15:26+09:00",
  "dcterms:modified": "2019-07-26T17:00+09:00",
  "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains multiple vulnerabilities listed below.\r\n\r\n* Directory traversal (CWE-22) - CVE-2018-0693\r\n* OS command injection (CWE-78) - CVE-2018-0694\r\n\r\nSoliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000104.html",
  "sec:cpe": {
    "#text": "cpe:/a:soliton:filezen",
    "@product": "FileZen",
    "@vendor": "Soliton Systems K.K.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "10.0",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000104",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN95355683/index.html",
      "@id": "JVN#95355683",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0693",
      "@id": "CVE-2018-0693",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0694",
      "@id": "CVE-2018-0694",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0693",
      "@id": "CVE-2018-0693",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0694",
      "@id": "CVE-2018-0694",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20181015-jvn.html",
      "@id": "Security Alert for Vulnerabilities in  FileZen",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in FileZen"
}