cvelistv5 - cve-2018-0614

CVE-2018-0614 (GCVE-0-2018-0614)

Vulnerability from cvelistv5

Published

2018-07-26 17:00

Modified

2024-08-05 03:28

Severity ?

CWE

Cross-site scripting

Summary

References

URL

	Vendor	Product	Version
	NEC Platforms, Ltd.	Calsos CSDX and CSDJ series products	Version: CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00

fkie_cve-2018-0614

Vulnerability from fkie_nvd

Published

2018-07-26 17:29

Modified

2024-11-21 03:38

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory

Impacted products

Vendor	Product	Version
necplatforms	calsos_csdx_firmware	*
necplatforms	calsos_csdx	-
necplatforms	calsos_csdx\(p\)_firmware	*
necplatforms	calsos_csdx\(p\)	-
necplatforms	calsos_csdx\(s\)_firmware	*
necplatforms	calsos_csdx\(s\)	-
necplatforms	calsos_csdx\(d\)_firmware	*
necplatforms	calsos_csdx\(d\)	-
necplatforms	calsos_csdj-b_firmware	*
necplatforms	calsos_csdj-b	-
necplatforms	calsos_csdj-d_firmware	*
necplatforms	calsos_csdj-d	-
necplatforms	calsos_csdj-h_firmware	*
necplatforms	calsos_csdj-h	-
necplatforms	calsos_csdj-a_firmware	*
necplatforms	calsos_csdj-a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "432A84D4-4983-4A60-B5E8-58C736F1DE4B",
              "versionEndIncluding": "1.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00656D53-88F9-4C4E-91B7-4E274AD1A11B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9BCFFF-ECEF-45C2-8BDC-E86A51E18D5C",
              "versionEndIncluding": "4.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6162989-0ED7-4D09-BE56-643FB752395C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2C4F9A-0A88-422D-9CD9-2D9E95A15975",
              "versionEndIncluding": "2.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6FAD2D-57C5-4112-902F-4E086B1E594E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06D1AF5-7ABE-4F15-9126-06D1A5F3A9DC",
              "versionEndIncluding": "3.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD3DF49-F4C0-43FB-97CC-13B30D6A5320",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA4BEB9-6CDB-4E5A-B133-3A865280DA5E",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1630C2-C70B-43BD-AB13-81C44972F2F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C3EAFC-9722-40FE-A29E-CF14AC96CEDE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6B049D-8A7E-44F2-B913-9DB827C05078",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B4D00-C163-4478-A112-576AE04865FE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDDA8B4-09DB-4CA7-AC39-066538067E13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2B3371-69A3-4F16-B478-8E0763114173",
              "versionEndIncluding": "03.00.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEBBF8B-706B-40B7-A00E-E1E824BD5E1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-Site Scripting (XSS) en los productos de las series Calsos CSDX y CSDJ de NEC Platforms (CSDX 1.37210411 y anteriores, CSDX(P) 4.37210411 y anteriores, CSDX(D) 3.37210411 y anteriores, CSDX(S) 2.37210411 y anteriores, CSDJ-B 01.03.00 y anteriores, CSDJ-H 01.03.00 y anteriores, CSDJ-D 01.03.00 y anteriores, CSDJ-A 03.00.00) permite a los atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2018-0614",
  "lastModified": "2024-11-21T03:38:35.733",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-26T17:29:00.550",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-8r77-6885-9g5c

Vulnerability from github

Published

2022-05-14 02:57

Modified

2022-05-14 02:57

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-26T17:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
  "id": "GHSA-8r77-6885-9g5c",
  "modified": "2022-05-14T02:57:54Z",
  "published": "2022-05-14T02:57:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0614"
    },
    {
      "type": "WEB",
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2019-19053

Vulnerability from cnvd

Title

NEC Platforms Calsos CSDX和CSDJ系列产品跨站脚本漏洞

Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在跨站脚本漏洞，远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

NEC Platforms Calsos CSDX和CSDJ系列产品跨站脚本漏洞的补丁

Patch Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在跨站脚本漏洞，远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.necplatforms.co.jp/product/enkaku/info180702.html

Reference

https://www.necplatforms.co.jp/product/enkaku/info180702.html

Impacted products

Name
['NEC Platforms Calsos CSDX <=1.37210411', 'NEC Platforms CSDX(P) <=4.37210411', 'NEC Platforms CSDX(D) <=3.37210411', 'NEC Platforms CSDX(S) <=2.37210411', 'NEC Platforms CSDJ-B <=01.03.00', 'NEC Platforms CSDJ-H <=01.03.00', 'NEC Platforms CSDJ-D <=01.03.00', 'NEC Platforms CSDJ-A 03.00.00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0614",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614"
    }
  },
  "description": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\n\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "NEC Platforms",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-19053",
  "openTime": "2019-06-25",
  "patchDescription": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\r\n\r\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NEC Platforms Calsos CSDX \u003c=1.37210411",
      "NEC Platforms CSDX(P) \u003c=4.37210411",
      "NEC Platforms CSDX(D) \u003c=3.37210411",
      "NEC Platforms CSDX(S) \u003c=2.37210411",
      "NEC Platforms CSDJ-B \u003c=01.03.00",
      "NEC Platforms CSDJ-H \u003c=01.03.00",
      "NEC Platforms CSDJ-D \u003c=01.03.00",
      "NEC Platforms CSDJ-A 03.00.00"
    ]
  },
  "referenceLink": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-07-31",
  "title": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

gsd-2018-0614

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-0614

Aliases

CVE-2018-0614

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0614",
    "description": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
    "id": "GSD-2018-0614"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0614"
      ],
      "details": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
      "id": "GSD-2018-0614",
      "modified": "2023-12-13T01:22:25.014134Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0614",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Calsos CSDX and CSDJ series products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Platforms, Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross-site scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
            "refsource": "CONFIRM",
            "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
          },
          {
            "name": "JVN#63895206",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.00.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0614"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
            },
            {
              "name": "JVN#63895206",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-10-02T18:02Z",
      "publishedDate": "2018-07-26T17:29Z"
    }
  }
}

Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user's web browser - CVE-2018-0614. NECPlatformsCalsosCSDX and CSDJ are remote monitoring devices from NECPlatforms, Japan

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1191",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "calsos csdj-a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdj-d",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-h",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "csdj",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-a 03.00.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-b 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-d 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-h 01.03.00"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(d) 3.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(p) 4.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(s) 2.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "1.37210411"
      },
      {
        "model": "platforms calsos csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=4.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=3.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=2.37210411"
      },
      {
        "model": "platforms csdj-b",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-h",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-d",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "calsos csdj-h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdj-d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:necplatforms:nec_platforms_csdj",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:necplatforms:calsos_csdx_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      }
    ]
  },
  "cve": "CVE-2018-0614",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-0614",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-19053",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-118816",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0614",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0614",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-19053",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1899",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118816",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user\u0027s web browser - CVE-2018-0614. NECPlatformsCalsosCSDX and CSDJ are remote monitoring devices from NECPlatforms, Japan",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0614",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN63895206",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "id": "VAR-201807-1191",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:38:44.979000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NEC Platforms, Ltd. website ",
        "trust": 0.8,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "title": "Patch of cross-site scripting vulnerability for NECPlatformsCalsosCSDX and CSDJ series products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/164955"
      },
      {
        "title": "NEC Platforms Calsos CSDX  and CSDJ Fixes for cross-site scripting vulnerabilities in the series",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82644"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn63895206/index.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0613"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0613"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "date": "2018-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2018-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "date": "2018-07-26T17:29:00.550000",
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-19053"
      },
      {
        "date": "2018-10-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118816"
      },
      {
        "date": "2019-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2018-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      },
      {
        "date": "2024-11-21T03:38:35.733000",
        "db": "NVD",
        "id": "CVE-2018-0614"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1899"
      }
    ],
    "trust": 0.6
  }
}

cve-2018-0614

Vulnerability from jvndb

Published

2018-07-02 15:22

Modified

2019-07-24 14:31

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Details

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63895206/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0613
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0614
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "dc:date": "2019-07-24T14:31+09:00",
  "dcterms:issued": "2018-07-02T15:22+09:00",
  "dcterms:modified": "2019-07-24T14:31+09:00",
  "description": "Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. \r\n\r\n* Access Restriction Bypass (CWE-284) - CVE-2018-0613\r\n* Cross-site scripting (CWE-79) - CVE-2018-0614\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000068",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63895206/index.html",
      "@id": "JVN#63895206",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0614 (GCVE-0-2018-0614)

Vulnerability from cvelistv5

fkie_cve-2018-0614

Vulnerability from fkie_nvd

ghsa-8r77-6885-9g5c

Vulnerability from github

cnvd-2019-19053

Vulnerability from cnvd

gsd-2018-0614

Vulnerability from gsd

var-201807-1191

Vulnerability from variot

cve-2018-0614

Vulnerability from jvndb

Tags

Sightings

Nomenclature