Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
20 vulnerabilities by fujixerox
VAR-201809-0554
Vulnerability from variot - Updated: 2023-12-18 13:38Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. plural Fuji Xerox The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Xerox DocuCentre-V 3065, etc. are all multi-function printers from Fuji Xerox, Japan. A security vulnerability exists in several Fuji Xerox products. The following products are affected: Fuji Xerox DocuCentre-V 3065; ApeosPort-VI C3371; ApeosPort-V C4475; ApeosPort-V C3375; DocuCentre-VI C2271; 5070
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0554",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "docucentre-v c2263",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-vi c3371",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-v 5070",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-v c4475",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "docucentre-vi c2271",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-v c3375",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "docucentre-v 3065",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-v c5576",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "docucentre-iv c2263",
"scope": "eq",
"trust": 1.6,
"vendor": "fujixerox",
"version": null
},
{
"model": "apeosport-v 5070",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "apeosport-v c3375",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "apeosport-v c4475",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "apeosport-v c5576",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "apeosport-vi c3371",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "docucentre-iv c2263",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "docucentre-v 3065",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "docucentre-v c2263",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
},
{
"model": "docucentre-vi c2271",
"scope": null,
"trust": 0.8,
"vendor": "fuji xerox",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:docucentre-v_3065_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:docucentre-v_3065:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:apeosport-v_c4475_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:apeosport-v_c4475:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:apeosport-vi_c3371_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:apeosport-vi_c3371:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:apeosport-v_c3375_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:apeosport-v_c3375:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:docucentre-vi_c2271_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:docucentre-vi_c2271:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:apeosport-v_c5576_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:apeosport-v_c5576:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:docucentre-iv_c2263_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:docucentre-iv_c2263:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:docucentre-v_c2263_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:docucentre-v_c2263:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujixerox:apeosport-v_5070_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujixerox:apeosport-v_5070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16709"
}
]
},
"cve": "CVE-2018-16709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-16709",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-127095",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-16709",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16709",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-382",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-127095",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127095"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, ApeosPort-V C3375, DocuCentre-VI C2271, ApeosPort-V C5576, DocuCentre-IV C2263, DocuCentre-V C2263, and ApeosPort-V 5070 devices allow remote attackers to read or write to files via crafted PJL commands. plural Fuji Xerox The product contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fuji Xerox DocuCentre-V 3065, etc. are all multi-function printers from Fuji Xerox, Japan. A security vulnerability exists in several Fuji Xerox products. The following products are affected: Fuji Xerox DocuCentre-V 3065; ApeosPort-VI C3371; ApeosPort-V C4475; ApeosPort-V C3375; DocuCentre-VI C2271; 5070",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "VULHUB",
"id": "VHN-127095"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16709",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "45332",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-99081",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-127095",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127095"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"id": "VAR-201809-0554",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127095"
}
],
"trust": 1.1
},
"last_update_date": "2023-12-18T13:38:31.799000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.fujixerox.com.cn/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127095"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/45332/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16709"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16709"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127095"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127095"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-127095"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"date": "2018-09-07T19:29:00.413000",
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-127095"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010466"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-16709"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Fuji Xerox Command injection vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-382"
}
],
"trust": 0.6
}
}
VAR-201709-0219
Vulnerability from variot - Updated: 2023-12-18 12:29Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 ・ DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c6671"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c3371"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c4471"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c7771"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c2271"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c4471"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c7771"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c2271"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c5571"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c6671"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c3371"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 1.0,
"vendor": "fujifilm",
"version": "c5571"
},
{
"model": "contentsbridge utility",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "docuworks viewer light",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "apeosport-vi",
"scope": null,
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for art ex driver installer ( digitally signed time stamp is japan time 2017 year 4 moon 12 day 11:04 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for postscript driver microsoft pscript for + function addition plugin + ppd file installer ( digitally signed time stamp is japan time 2017 year 4 moon 12 day 11:10 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for xps supported driver installer ( digitally signed time stamp is japan time 2016 year 11 moon 4 day 08:48 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 for art ex direct fax driver installer ( digitally signed time stamp is japan time 2017 year 5 moon 26 day 16:44 before )(cve-2017-10850)"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.8,
"vendor": "\u5bcc\u58eb\u30bc\u30ed\u30c3\u30af\u30b9\u682a\u5f0f\u4f1a\u793e",
"version": "c7771/c6671/c5571/c4471/c3371/c2271 configuration restore tool installer for ( digitally signed time stamp is japan time 2015 year 8 moon 25 day 17:51 before )(cve-2017-10850)"
},
{
"model": "xerox co.,ltd. docucentre-vi c2271",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c3371",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c4471",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c5571",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c6671",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. docucentre-vi c7771",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c2271",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c3371",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c4471",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c5571",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c6671",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "xerox co.,ltd. apeosport-vi c7771",
"scope": null,
"trust": 0.6,
"vendor": "fuji",
"version": null
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c4471"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c2271"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c5571"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c3371"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c7771"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c2271"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c5571"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c6671"
},
{
"model": "apeosport-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c7771"
},
{
"model": "docucentre-vi",
"scope": "eq",
"trust": 0.6,
"vendor": "fujixerox",
"version": "c3371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c2271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c3371:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c4471:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c5571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c6671:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:apeosport-vi:c7771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c2271:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c3371:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c4471:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c5571:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c6671:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fujifilm:docucentre-vi:c7771:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10850"
}
]
},
"cve": "CVE-2017-10850",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000219",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-30714",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000219",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10850",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000219",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-30714",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-028",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Installers for multiple products provided by Fuji Xerox Co., Ltd. DocuWorks For self-extracting documents, DLL There is a problem with the search path when reading or executing a self-extracting document, which is unintended. DLL Reading vulnerability (CWE-427) Exists. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developers. Reporter : Tachibana Research Institute Hidetoshi Masami MrThe expected impact depends on each vulnerability, but it may be affected as follows. -Arbitrary code is executed with administrator privileges when the installer is started. - CVE-2017-10848, CVE-2017-10850, CVE-2017-10851 \u30fb DocuWorks Arbitrary code is executed with the authority of the user who executed the self-extracting document - CVE-2017-10849. FujiXeroxDocuCentre-VI and ApeosPort-VI are digital copier PCL print drivers. There are several untrusted search path vulnerabilities in the FujiXerox product installer. Allows an attacker to gain privileges by logging in an unknown Trojan DLL directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10850",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN09769017",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2017-30714",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"id": "VAR-201709-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
}
]
},
"last_update_date": "2023-12-18T12:29:28.607000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "In the software provided by us DLL About read vulnerability",
"trust": 0.8,
"url": "https://www.fujifilm.com/fb/company/news/notice/2017/0831_rectification_work.html"
},
{
"title": "Patches for multiple FujiXerox product installers untrusted search path vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/104093"
},
{
"title": "Fuji Xerox ApeosPort-VI and DocuCentre-VI Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-426",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [IPA Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://jvn.jp/en/jp/jvn09769017/index.html"
},
{
"trust": 1.6,
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn09769017/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta91240916/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10848"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10849"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10850"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10851"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000219.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"date": "2017-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"date": "2017-09-01T14:29:00.290000",
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30714"
},
{
"date": "2021-04-12T04:30:00",
"db": "JVNDB",
"id": "JVNDB-2017-000219"
},
{
"date": "2021-04-23T13:16:33.070000",
"db": "NVD",
"id": "CVE-2017-10850"
},
{
"date": "2021-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In multiple products manufactured by Fuji Xerox Co., Ltd. \u00a0DLL\u00a0 Read vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-028"
}
],
"trust": 0.6
}
}
CVE-2020-5526 (GCVE-0-2020-5526)
Vulnerability from cvelistv5 – Published: 2020-01-31 03:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://onlinesupport.fujixerox.com/processDriverF… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN00014057/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | AWMS Mobile App |
Affected:
for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AWMS Mobile App",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T03:35:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AWMS Mobile App",
"version": {
"version_data": [
{
"version_value": "for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en",
"refsource": "MISC",
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"name": "http://jvn.jp/en/jp/JVN00014057/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5526",
"datePublished": "2020-01-31T03:35:17.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5522 (GCVE-0-2020-5522)
Vulnerability from cvelistv5 – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | kantan netprint App for Android |
Affected:
2.0.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kantan netprint App for Android",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kantan netprint App for Android",
"version": {
"version_data": [
{
"version_value": "2.0.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5522",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5520 (GCVE-0-2020-5520)
Vulnerability from cvelistv5 – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | netprint App for iOS |
Affected:
3.2.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netprint App for iOS",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "3.2.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netprint App for iOS",
"version": {
"version_data": [
{
"version_value": "3.2.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5520",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5521 (GCVE-0-2020-5521)
Vulnerability from cvelistv5 – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | kantan netprint App for iOS |
Affected:
2.0.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kantan netprint App for iOS",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kantan netprint App for iOS",
"version": {
"version_data": [
{
"version_value": "2.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5521",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16307 (GCVE-0-2019-16307)
Vulnerability from cvelistv5 – Published: 2019-09-14 16:19 – Updated: 2024-08-05 01:10
VLAI
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/izadgot/3efc75f62f9c9567c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-14T16:19:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425",
"refsource": "MISC",
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16307",
"datePublished": "2019-09-14T16:19:22.000Z",
"dateReserved": "2019-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:10:41.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6004 (GCVE-0-2019-6004)
Vulnerability from cvelistv5 – Published: 2019-09-12 15:58 – Updated: 2024-08-04 20:09
VLAI
Summary
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://onlinesupport.fujixerox.com/processDriverF… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN07679150/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | ApeosWare Management Suite and ApeosWare Management Suite 2 |
Affected:
ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ApeosWare Management Suite and ApeosWare Management Suite 2",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ApeosWare Management Suite and ApeosWare Management Suite 2",
"version": {
"version_data": [
{
"version_value": "ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en",
"refsource": "MISC",
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"name": "http://jvn.jp/en/jp/JVN07679150/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6004",
"datePublished": "2019-09-12T15:58:55.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10849 (GCVE-0-2017-10849)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Self-extracting document generated by DocuWorks |
Affected:
8.0.7 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self-extracting document generated by DocuWorks",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "8.0.7 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self-extracting document generated by DocuWorks",
"version": {
"version_data": [
{
"version_value": "8.0.7 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10849",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10848 (GCVE-0-2017-10848)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Installer for DocuWorks |
Affected:
8.0.7 and earlier
|
|
| Fuji Xerox Co.,Ltd. | Installer for DocuWorks Viewer Light |
Affected:
published in Jul 2017 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for DocuWorks",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "8.0.7 and earlier"
}
]
},
{
"product": "Installer for DocuWorks Viewer Light",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "published in Jul 2017 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for DocuWorks",
"version": {
"version_data": [
{
"version_value": "8.0.7 and earlier"
}
]
}
},
{
"product_name": "Installer for DocuWorks Viewer Light",
"version": {
"version_data": [
{
"version_value": "published in Jul 2017 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10848",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10851 (GCVE-0-2017-10851)
Vulnerability from cvelistv5 – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Installer for ContentsBridge Utility for Windows |
Affected:
7.4.0 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for ContentsBridge Utility for Windows",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "7.4.0 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for ContentsBridge Utility for Windows",
"version": {
"version_data": [
{
"version_value": "7.4.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10851",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5526 (GCVE-0-2020-5526)
Vulnerability from nvd – Published: 2020-01-31 03:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://onlinesupport.fujixerox.com/processDriverF… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN00014057/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | AWMS Mobile App |
Affected:
for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AWMS Mobile App",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T03:35:17.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AWMS Mobile App",
"version": {
"version_data": [
{
"version_value": "for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en",
"refsource": "MISC",
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"name": "http://jvn.jp/en/jp/JVN00014057/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN00014057/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5526",
"datePublished": "2020-01-31T03:35:17.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5522 (GCVE-0-2020-5522)
Vulnerability from nvd – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | kantan netprint App for Android |
Affected:
2.0.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kantan netprint App for Android",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kantan netprint App for Android",
"version": {
"version_data": [
{
"version_value": "2.0.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5522",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5520 (GCVE-0-2020-5520)
Vulnerability from nvd – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | netprint App for iOS |
Affected:
3.2.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netprint App for iOS",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "3.2.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netprint App for iOS",
"version": {
"version_data": [
{
"version_value": "3.2.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5520",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5521 (GCVE-0-2020-5521)
Vulnerability from nvd – Published: 2020-01-27 09:35 – Updated: 2024-08-04 08:30
VLAI
Summary
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- Fails to verify SSL certificates
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.printing.ne.jp/support/information/Ap… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN66435380/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | kantan netprint App for iOS |
Affected:
2.0.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kantan netprint App for iOS",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "2.0.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to verify SSL certificates",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T09:35:27.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kantan netprint App for iOS",
"version": {
"version_data": [
{
"version_value": "2.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.printing.ne.jp/support/information/AppVulnerability.html",
"refsource": "MISC",
"url": "https://www.printing.ne.jp/support/information/AppVulnerability.html"
},
{
"name": "http://jvn.jp/en/jp/JVN66435380/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN66435380/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5521",
"datePublished": "2020-01-27T09:35:27.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16307 (GCVE-0-2019-16307)
Vulnerability from nvd – Published: 2019-09-14 16:19 – Updated: 2024-08-05 01:10
VLAI
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://gist.github.com/izadgot/3efc75f62f9c9567c… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:10:41.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-14T16:19:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425",
"refsource": "MISC",
"url": "https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16307",
"datePublished": "2019-09-14T16:19:22.000Z",
"dateReserved": "2019-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:10:41.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6004 (GCVE-0-2019-6004)
Vulnerability from nvd – Published: 2019-09-12 15:58 – Updated: 2024-08-04 20:09
VLAI
Summary
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Severity
No CVSS data available.
CWE
- Open Redirect
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://onlinesupport.fujixerox.com/processDriverF… | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN07679150/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | ApeosWare Management Suite and ApeosWare Management Suite 2 |
Affected:
ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ApeosWare Management Suite and ApeosWare Management Suite 2",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T15:58:55.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ApeosWare Management Suite and ApeosWare Management Suite 2",
"version": {
"version_data": [
{
"version_value": "ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en",
"refsource": "MISC",
"url": "http://onlinesupport.fujixerox.com/processDriverForm.do?ctry_code=SG\u0026lang_code=en\u0026d_lang=en\u0026corp_pid=AWMS2\u0026rts=null\u0026model=ApeosWare+Management+Suite+2\u0026type_id=7\u0026oslist=Windows+10+64bit\u0026lang_list=en"
},
{
"name": "http://jvn.jp/en/jp/JVN07679150/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN07679150/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6004",
"datePublished": "2019-09-12T15:58:55.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:09:24.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10851 (GCVE-0-2017-10851)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Installer for ContentsBridge Utility for Windows |
Affected:
7.4.0 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for ContentsBridge Utility for Windows",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "7.4.0 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for ContentsBridge Utility for Windows",
"version": {
"version_data": [
{
"version_value": "7.4.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10851",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10849 (GCVE-0-2017-10849)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Self-extracting document generated by DocuWorks |
Affected:
8.0.7 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Self-extracting document generated by DocuWorks",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "8.0.7 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Self-extracting document generated by DocuWorks",
"version": {
"version_data": [
{
"version_value": "8.0.7 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10849",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10848 (GCVE-0-2017-10848)
Vulnerability from nvd – Published: 2017-09-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN09769017/index.html | third-party-advisoryx_refsource_JVN |
| http://www.fujixerox.co.jp/company/news/notice/20… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fuji Xerox Co.,Ltd. | Installer for DocuWorks |
Affected:
8.0.7 and earlier
|
|
| Fuji Xerox Co.,Ltd. | Installer for DocuWorks Viewer Light |
Affected:
published in Jul 2017 and earlier
|
Date Public
2017-08-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for DocuWorks",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "8.0.7 and earlier"
}
]
},
{
"product": "Installer for DocuWorks Viewer Light",
"vendor": "Fuji Xerox Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "published in Jul 2017 and earlier"
}
]
}
],
"datePublic": "2017-08-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#09769017",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for DocuWorks",
"version": {
"version_data": [
{
"version_value": "8.0.7 and earlier"
}
]
}
},
{
"product_name": "Installer for DocuWorks Viewer Light",
"version": {
"version_data": [
{
"version_value": "published in Jul 2017 and earlier"
}
]
}
}
]
},
"vendor_name": "Fuji Xerox Co.,Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09769017",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN09769017/index.html"
},
{
"name": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html",
"refsource": "CONFIRM",
"url": "http://www.fujixerox.co.jp/company/news/notice/2017/0831_rectification_work.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10848",
"datePublished": "2017-09-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}