Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by OPTiM Corporation
CVE-2026-28267 (GCVE-0-2026-28267)
Vulnerability from nvd – Published: 2026-03-09 22:28 – Updated: 2026-03-10 14:16
VLAI
Summary
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 10 (Windows version only) |
Affected:
prior to Ver.10.02.00
|
|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to Ver.6.10.57
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ZAQ (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for プロバイダー |
Affected:
prior to Ver.2.00.30
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Digital Arts Inc. | DigitalArts@Cloud Agent (for Windows) |
Affected:
prior to Ver.1.70R01
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R13
|
|
| Inventit Inc. | MobiConnect i-FILTER Browser Option MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Fujitsu Limited | i-FILTER Browser & Cloud MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:16:23.241801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:16:29.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.10.02.00"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.10.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.30"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "DigitalArts@Cloud Agent (for Windows)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.70R01"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R13"
}
]
},
{
"product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows",
"vendor": "Inventit Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:28:24.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_02.pdf"
},
{
"url": "https://biz3.optim.co.jp/"
},
{
"url": "https://www.mobi-connect.net/file/ifilter/"
},
{
"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"
},
{
"url": "https://jvn.jp/en/jp/JVN17307628/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28267",
"datePublished": "2026-03-09T22:28:24.535Z",
"dateReserved": "2026-02-26T00:21:16.561Z",
"dateUpdated": "2026-03-10T14:16:29.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from nvd – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to 6.00.55
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ZAQ |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to 6.10.55
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to 4.93.R11
|
|
| Fujitsu Limited | FENCE-Mobile RemoteManager i-FILTER Browser Service |
Affected:
prior to 4.93R11
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:47:59.700143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:52:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.10.55"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 4.93.R11"
}
]
},
{
"product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T05:28:42.925Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN55678602/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-57846",
"datePublished": "2025-08-27T05:28:42.925Z",
"dateReserved": "2025-08-21T04:04:10.182Z",
"dateUpdated": "2025-08-27T14:52:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10836 (GCVE-0-2017-10836)
Vulnerability from nvd – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN87540575/index.html | third-party-advisoryx_refsource_JVN |
| https://www.optim.co.jp/contents/23246 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPTiM Corporation | Optimal Guard |
Affected:
1.1.21 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#87540575",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.optim.co.jp/contents/23246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Optimal Guard",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "1.1.21 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#87540575",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.optim.co.jp/contents/23246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Optimal Guard",
"version": {
"version_data": [
{
"version_value": "1.1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "OPTiM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#87540575",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"name": "https://www.optim.co.jp/contents/23246",
"refsource": "MISC",
"url": "https://www.optim.co.jp/contents/23246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10836",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-28267 (GCVE-0-2026-28267)
Vulnerability from cvelistv5 – Published: 2026-03-09 22:28 – Updated: 2026-03-10 14:16
VLAI
Summary
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 10 (Windows version only) |
Affected:
prior to Ver.10.02.00
|
|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to Ver.6.10.57
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ZAQ (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for プロバイダー |
Affected:
prior to Ver.2.00.30
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Digital Arts Inc. | DigitalArts@Cloud Agent (for Windows) |
Affected:
prior to Ver.1.70R01
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R13
|
|
| Inventit Inc. | MobiConnect i-FILTER Browser Option MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Fujitsu Limited | i-FILTER Browser & Cloud MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:16:23.241801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:16:29.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.10.02.00"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.10.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.30"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "DigitalArts@Cloud Agent (for Windows)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.70R01"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R13"
}
]
},
{
"product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows",
"vendor": "Inventit Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:28:24.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_02.pdf"
},
{
"url": "https://biz3.optim.co.jp/"
},
{
"url": "https://www.mobi-connect.net/file/ifilter/"
},
{
"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"
},
{
"url": "https://jvn.jp/en/jp/JVN17307628/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28267",
"datePublished": "2026-03-09T22:28:24.535Z",
"dateReserved": "2026-02-26T00:21:16.561Z",
"dateUpdated": "2026-03-10T14:16:29.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from cvelistv5 – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to 6.00.55
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ZAQ |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to 6.10.55
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to 4.93.R11
|
|
| Fujitsu Limited | FENCE-Mobile RemoteManager i-FILTER Browser Service |
Affected:
prior to 4.93R11
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:47:59.700143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:52:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.10.55"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 4.93.R11"
}
]
},
{
"product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T05:28:42.925Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN55678602/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-57846",
"datePublished": "2025-08-27T05:28:42.925Z",
"dateReserved": "2025-08-21T04:04:10.182Z",
"dateUpdated": "2025-08-27T14:52:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10836 (GCVE-0-2017-10836)
Vulnerability from cvelistv5 – Published: 2017-08-28 20:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN87540575/index.html | third-party-advisoryx_refsource_JVN |
| https://www.optim.co.jp/contents/23246 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OPTiM Corporation | Optimal Guard |
Affected:
1.1.21 and earlier
|
Date Public
2017-08-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#87540575",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.optim.co.jp/contents/23246"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Optimal Guard",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "1.1.21 and earlier"
}
]
}
],
"datePublic": "2017-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#87540575",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.optim.co.jp/contents/23246"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Optimal Guard",
"version": {
"version_data": [
{
"version_value": "1.1.21 and earlier"
}
]
}
}
]
},
"vendor_name": "OPTiM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#87540575",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87540575/index.html"
},
{
"name": "https://www.optim.co.jp/contents/23246",
"refsource": "MISC",
"url": "https://www.optim.co.jp/contents/23246"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10836",
"datePublished": "2017-08-28T20:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2026-000036
Vulnerability from jvndb - Published: 2026-03-09 14:57 - Updated:2026-03-09 16:23
Severity
Summary
Improper file access permission settings in multiple Digital Arts products
Details
Multiple products provided by Digital Arts Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2026-28267
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000036.html",
"dc:date": "2026-03-09T16:23+09:00",
"dcterms:issued": "2026-03-09T14:57+09:00",
"dcterms:modified": "2026-03-09T16:23+09:00",
"description": "Multiple products provided by Digital Arts Inc. contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2026-28267\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000036.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:digitalarts%40cloud_agent",
"@product": "DigitalArts@Cloud Agent",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_installer",
"@product": "i-filter",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:i-filter_browser%26cloud_multiagent_for_windows",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:inventit",
"@product": "MobiConnect i-FILTER Browser Option",
"@vendor": "Inventit Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:optim:optimal_biz_web_filtering_powered_by_i-filter_windows",
"@product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"@vendor": "OPTiM Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000036",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN17307628/index.html",
"@id": "JVN#17307628",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-28267",
"@id": "CVE-2026-28267",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in multiple Digital Arts products"
}
JVNDB-2017-000209
Vulnerability from jvndb - Published: 2017-08-25 14:50 - Updated:2018-02-28 12:23
Severity
Summary
Installer of Optimal Guard may insecurely load Dynamic Link Libraries
Details
Installer of Optimal Guard provided by OPTiM Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000209.html",
"dc:date": "2018-02-28T12:23+09:00",
"dcterms:issued": "2017-08-25T14:50+09:00",
"dcterms:modified": "2018-02-28T12:23+09:00",
"description": "Installer of Optimal Guard provided by OPTiM Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000209.html",
"sec:cpe": {
"#text": "cpe:/a:optim:optimal_guard",
"@product": "Optimal Guard",
"@vendor": "OPTiM Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000209",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN87540575/index.html",
"@id": "JVN#87540575",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10836",
"@id": "CVE-2017-10836",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10836",
"@id": "CVE-2017-10836",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Optimal Guard may insecurely load Dynamic Link Libraries"
}