Search criteria
3 vulnerabilities by MOTEX Inc.
CVE-2026-25785 (GCVE-0-2026-25785)
Vulnerability from cvelistv5 – Published: 2026-02-25 06:01 – Updated: 2026-02-25 21:15
VLAI
Summary
Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) Sub-Manager Server |
Affected:
Ver.9.4.7.3 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:15:03.012255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:15:15.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) Sub-Manager Server",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T06:01:05.327Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2026/release260225/"
},
{
"url": "https://jvn.jp/en/jp/JVN79096585/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25785",
"datePublished": "2026-02-25T06:01:05.327Z",
"dateReserved": "2026-02-16T01:44:58.906Z",
"dateUpdated": "2026-02-25T21:15:15.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61932 (GCVE-0-2025-61932)
Vulnerability from cvelistv5 – Published: 2025-10-20 07:25 – Updated: 2026-02-26 16:57
VLAI
CISA KEV
Summary
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) |
Affected:
Ver.9.4.7.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61932",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T03:55:30.675620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:23.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "Improper Verification of Source of a Communication Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T07:25:39.916Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2025/release251020/"
},
{
"url": "https://jvn.jp/en/jp/JVN86318557/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61932",
"datePublished": "2025-10-20T07:25:39.916Z",
"dateReserved": "2025-10-06T02:24:53.875Z",
"dateUpdated": "2026-02-26T16:57:23.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}