Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Setup file of advance preparation by National Tax Agency JAPAN

jvndb-2017-000129

Vulnerability from jvndb

Published

2017-06-09 15:59

Modified

2018-02-14 13:55

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries

Details

"Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation"contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN34508179/index.html
	JVN	https://jvn.jp/en/ta/JVNTA91240916/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2215
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2215
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

National Tax Agency JAPAN

Setup file of advance preparation

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000129.html",
  "dc:date": "2018-02-14T13:55+09:00",
  "dcterms:issued": "2017-06-09T15:59+09:00",
  "dcterms:modified": "2018-02-14T13:55+09:00",
  "description": "\"Setup file of advance preparation\" provided by National Tax Agency is software to setup the environment which is required to use \"filing assistance on the NTA website\".\r\n\"Setup file of advance preparation\"contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000129.html",
  "sec:cpe": {
    "#text": "cpe:/a:nta:nta_advance_preparation_setup_file",
    "@product": "Setup file of advance preparation",
    "@vendor": "National Tax Agency JAPAN",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000129",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN34508179/index.html",
      "@id": "JVN#34508179",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2215",
      "@id": "CVE-2017-2215",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2215",
      "@id": "CVE-2017-2215",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installer of \"Setup file of advance preparation\" may insecurely load Dinamic Link Libraries"
}