Refine your search
2 vulnerabilities found for PrimeDrive Desktop Application by SoftBank
jvndb-2017-000080
Vulnerability from jvndb
Published
2017-05-12 13:36
Modified
2017-11-27 16:55
Severity ?
Summary
PrimeDrive Desktop Application Installer may insecurely load executable files
Details
PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files (CWE-427).
Eili Masami of Tachibana Lab. and Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000080.html",
"dc:date": "2017-11-27T16:55+09:00",
"dcterms:issued": "2017-05-12T13:36+09:00",
"dcterms:modified": "2017-11-27T16:55+09:00",
"description": "PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000080.html",
"sec:cpe": {
"#text": "cpe:/a:softbank:primedrive_desktop_application",
"@product": "PrimeDrive Desktop Application",
"@vendor": "SoftBank",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000080",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16248227/index.html",
"@id": "JVN#16248227",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2167",
"@id": "CVE-2017-2167",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2167",
"@id": "CVE-2017-2167",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "PrimeDrive Desktop Application Installer may insecurely load executable files"
}
jvndb-2017-000033
Vulnerability from jvndb
Published
2017-03-01 15:53
Modified
2017-05-15 11:27
Severity ?
Summary
PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries
Details
PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to load specific Dynamic Link Libraries in the same directory (CWE-427) .
Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000033.html",
"dc:date": "2017-05-15T11:27+09:00",
"dcterms:issued": "2017-03-01T15:53+09:00",
"dcterms:modified": "2017-05-15T11:27+09:00",
"description": "PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application is vulnerable to load specific Dynamic Link Libraries in the same directory (CWE-427) .\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000033.html",
"sec:cpe": {
"#text": "cpe:/a:softbank:primedrive_desktop_application",
"@product": "PrimeDrive Desktop Application",
"@vendor": "SoftBank",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000033",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN88713190/index.html",
"@id": "JVN#88713190",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2108",
"@id": "CVE-2017-2108",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2108",
"@id": "CVE-2017-2108",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "PrimeDrive Desktop Application Installer may insecurely load Dynamic Link Libraries"
}