Refine your search

2 vulnerabilities found for SaAT Netizen by NetMove Corporation

jvndb-2017-000109
Vulnerability from jvndb
Published
2017-06-02 14:00
Modified
2018-01-17 12:29
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
Details
The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
  "dc:date": "2018-01-17T12:29+09:00",
  "dcterms:issued": "2017-06-02T14:00+09:00",
  "dcterms:modified": "2018-01-17T12:29+09:00",
  "description": "The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
  "sec:cpe": {
    "#text": "cpe:/a:saat:netizen",
    "@product": "SaAT Netizen",
    "@vendor": "NetMove Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000109",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN91170929/index.html",
      "@id": "JVN#91170929",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2206",
      "@id": "CVE-2017-2206",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2206",
      "@id": "CVE-2017-2206",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installer of SaAT Netizen may insecurely load Dynamic Link Libraries"
}

jvndb-2016-002299
Vulnerability from jvndb
Published
2016-12-05 13:52
Modified
2024-06-27 13:59
Severity ?
5.6 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
SaAT Netizen fails to properly verify downloaded installation and update files
Details
SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified. The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process. PinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
  "dc:date": "2024-06-27T13:59+09:00",
  "dcterms:issued": "2016-12-05T13:52+09:00",
  "dcterms:modified": "2024-06-27T13:59+09:00",
  "description": "SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.\r\n\r\nThe SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.\r\n\r\nPinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:saat:netizen",
      "@product": "SaAT Netizen",
      "@vendor": "NetMove Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:saat:netizen_installer",
      "@product": "SaAT Netizen installer",
      "@vendor": "NetMove Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.6",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-002299",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU97339542/index.html",
      "@id": "JVNVU#97339542",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1203",
      "@id": "CVE-2016-1203",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1203",
      "@id": "CVE-2016-1203",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "SaAT Netizen fails to properly verify downloaded installation and update files"
}