Refine your search

4 vulnerabilities found for acmailer by Seeds Co.,Ltd.

jvndb-2021-000004
Vulnerability from jvndb
Published
2021-01-14 16:22
Modified
2021-01-14 16:22
Severity ?
9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in acmailer
Details
acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. *Improper Access Control (CWE-284) - CVE-2021-20617 *Privilege Chaining (CWE-268) - CVE-2021-20618 ma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000004.html",
  "dc:date": "2021-01-14T16:22+09:00",
  "dcterms:issued": "2021-01-14T16:22+09:00",
  "dcterms:modified": "2021-01-14T16:22+09:00",
  "description": "acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Improper Access Control (CWE-284) - CVE-2021-20617\r\n*Privilege Chaining (CWE-268) - CVE-2021-20618\r\n\r\nma.la reported these vulnerabilities to the developer, and also to IPA in order to notify users of its solution through JVN.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000004.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:seeds:acmailer",
      "@product": "acmailer",
      "@vendor": "Seeds Co.,Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:seeds:acmailer_db",
      "@product": "acmailer DB",
      "@vendor": "Seeds Co.,Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000004",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN35906450/index.html",
      "@id": "JVN#35906450",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20617",
      "@id": "CVE-2021-20617",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20618",
      "@id": "CVE-2021-20618",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20617",
      "@id": "CVE-2021-20617",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20618",
      "@id": "CVE-2021-20618",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple vulnerabilities in acmailer"
}

jvndb-2016-000002
Vulnerability from jvndb
Published
2016-01-15 13:57
Modified
2016-01-27 17:20
Severity ?
4.7 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
acmailer vulnerable to OS command injection
Details
acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78). Kazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000002.html",
  "dc:date": "2016-01-27T17:20+09:00",
  "dcterms:issued": "2016-01-15T13:57+09:00",
  "dcterms:modified": "2016-01-27T17:20+09:00",
  "description": "acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability (CWE-78).\r\n\r\nKazuhiro Shibuta of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000002.html",
  "sec:cpe": {
    "#text": "cpe:/a:seeds:acmailer",
    "@product": "acmailer",
    "@vendor": "Seeds Co.,Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "4.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000002",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN50899877/index.html",
      "@id": "JVN#50899877",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1142",
      "@id": "CVE-2016-1142",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1142",
      "@id": "CVE-2016-1142",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "acmailer vulnerable to OS command injection"
}

jvndb-2015-000098
Vulnerability from jvndb
Published
2015-07-15 15:53
Modified
2015-07-27 15:12
Severity ?
() - -
Summary
acmailer vulnerable to directory traversal
Details
acmailer provided by Seeds Co.,Ltd. contains a directory traversal (CWE-22) vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000098.html",
  "dc:date": "2015-07-27T15:12+09:00",
  "dcterms:issued": "2015-07-15T15:53+09:00",
  "dcterms:modified": "2015-07-27T15:12+09:00",
  "description": "acmailer provided by Seeds Co.,Ltd. contains a directory traversal (CWE-22) vulnerability.\r\n\r\nShoji Baba reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000098.html",
  "sec:cpe": {
    "#text": "cpe:/a:seeds:acmailer",
    "@product": "acmailer",
    "@vendor": "Seeds Co.,Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000098",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN64051989/index.html",
      "@id": "JVN#64051989",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2971",
      "@id": "CVE-2015-2971",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2971",
      "@id": "CVE-2015-2971",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "acmailer vulnerable to directory traversal"
}

jvndb-2014-000089
Vulnerability from jvndb
Published
2014-07-29 14:15
Modified
2014-08-01 18:29
Severity ?
() - -
Summary
acmailer contains a cross-site request forgery vulnerability
Details
Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000089.html",
  "dc:date": "2014-08-01T18:29+09:00",
  "dcterms:issued": "2014-07-29T14:15+09:00",
  "dcterms:modified": "2014-08-01T18:29+09:00",
  "description": "Several cgi programs in acmailer contain a cross-site request forgery vulnerability.\r\n\r\nKazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000089.html",
  "sec:cpe": {
    "#text": "cpe:/a:seeds:acmailer",
    "@product": "acmailer",
    "@vendor": "Seeds Co.,Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000089",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN42511610/",
      "@id": "JVN#42511610",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3896",
      "@id": "CVE-2014-3896",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3896",
      "@id": "CVE-2014-3896",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "acmailer contains a cross-site request forgery vulnerability"
}