Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by TIS Inc.
CVE-2019-5918 (GCVE-0-2019-5918)
Vulnerability from cvelistv5 – Published: 2019-03-12 21:00 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nablarch.atlassian.net/projects/NAB/issue… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN56542712/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIS Inc. | Nablarch 5 |
Affected:
Nablarch 5, and 5u1 to 5u13
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nablarch 5",
"vendor": "TIS Inc.",
"versions": [
{
"status": "affected",
"version": "Nablarch 5, and 5u1 to 5u13"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T20:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nablarch 5",
"version": {
"version_data": [
{
"version_value": "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name": "TIS Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295",
"refsource": "MISC",
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5918",
"datePublished": "2019-03-12T21:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5919 (GCVE-0-2019-5919)
Vulnerability from cvelistv5 – Published: 2019-03-12 21:00 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
Severity
No CVSS data available.
CWE
- An incomplete cryptography
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nablarch.atlassian.net/browse/NAB-313 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN56542712/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIS Inc. | Nablarch 5 |
Affected:
Nablarch 5, and 5u1 to 5u13
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nablarch 5",
"vendor": "TIS Inc.",
"versions": [
{
"status": "affected",
"version": "Nablarch 5, and 5u1 to 5u13"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An incomplete cryptography",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T20:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nablarch 5",
"version": {
"version_data": [
{
"version_value": "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name": "TIS Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An incomplete cryptography"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nablarch.atlassian.net/browse/NAB-313",
"refsource": "MISC",
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5919",
"datePublished": "2019-03-12T21:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5918 (GCVE-0-2019-5918)
Vulnerability from nvd – Published: 2019-03-12 21:00 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nablarch.atlassian.net/projects/NAB/issue… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN56542712/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIS Inc. | Nablarch 5 |
Affected:
Nablarch 5, and 5u1 to 5u13
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nablarch 5",
"vendor": "TIS Inc.",
"versions": [
{
"status": "affected",
"version": "Nablarch 5, and 5u1 to 5u13"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T20:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nablarch 5",
"version": {
"version_data": [
{
"version_value": "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name": "TIS Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295",
"refsource": "MISC",
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5918",
"datePublished": "2019-03-12T21:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5919 (GCVE-0-2019-5919)
Vulnerability from nvd – Published: 2019-03-12 21:00 – Updated: 2024-08-04 20:09
VLAI
EPSS
VEX
Summary
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
Severity
No CVSS data available.
CWE
- An incomplete cryptography
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://nablarch.atlassian.net/browse/NAB-313 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN56542712/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIS Inc. | Nablarch 5 |
Affected:
Nablarch 5, and 5u1 to 5u13
|
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nablarch 5",
"vendor": "TIS Inc.",
"versions": [
{
"status": "affected",
"version": "Nablarch 5, and 5u1 to 5u13"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An incomplete cryptography",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T20:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nablarch 5",
"version": {
"version_data": [
{
"version_value": "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name": "TIS Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An incomplete cryptography"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nablarch.atlassian.net/browse/NAB-313",
"refsource": "MISC",
"url": "https://nablarch.atlassian.net/browse/NAB-313"
},
{
"name": "JVN#56542712",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5919",
"datePublished": "2019-03-12T21:00:00.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:23.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2019-000012
Vulnerability from jvndb - Published: 2019-02-27 17:14 - Updated:2019-09-27 10:15
Severity
Summary
Multiple vulnerabilities in Nablarch
Details
Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below.
*The vulnerability in the function of generic formatter by XXE attacks (CWE-611) - CVE-2019-5918
*An incomplete cryptography of the data store function by using hidden tag (CWE-310) - CVE-2019-5919
TIS Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and TIS Inc. coordinated under the Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000012.html",
"dc:date": "2019-09-27T10:15+09:00",
"dcterms:issued": "2019-02-27T17:14+09:00",
"dcterms:modified": "2019-09-27T10:15+09:00",
"description": "Nablarch provided by TIS Inc. contains multiple vulnerabilities listed below. \r\n*The vulnerability in the function of generic formatter by XXE attacks (CWE-611) - CVE-2019-5918 \r\n*An incomplete cryptography of the data store function by using hidden tag (CWE-310) - CVE-2019-5919 \r\n\r\nTIS Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and TIS Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000012.html",
"sec:cpe": {
"#text": "cpe:/a:nablarch_project:nablarch",
"@product": "Nablarch",
"@vendor": "TIS Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "8.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"@version": "2.0"
},
{
"@score": "8.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000012",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN56542712/index.html",
"@id": "JVN#56542712",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5918",
"@id": "CVE-2019-5918",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5919",
"@id": "CVE-2019-5919",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5918",
"@id": "CVE-2019-5918",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5919",
"@id": "CVE-2019-5919",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in Nablarch"
}