jvndb - jvndb-2023-000002

jvndb-2023-000002

Vulnerability from jvndb

Published

2023-01-06 14:57

Modified

2023-01-06 14:57

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Digital Arts m-FILTER vulnerable to improper authentication

Details

m-FILTER provided by Digital Arts Inc. is an emaill security product. m-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. Digital Arts Inc. states that attacks exploiting this vulnerability have been observed. Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN55675303/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-22278
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-22278
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Digital Arts Inc.	m-FILTER

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000002.html",
   "dc:date": "2023-01-06T14:57+09:00",
   "dcterms:issued": "2023-01-06T14:57+09:00",
   "dcterms:modified": "2023-01-06T14:57+09:00",
   description: "m-FILTER provided by Digital Arts Inc. is an emaill security product.\r\nm-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker.\r\n\r\nDigital Arts Inc. states that attacks exploiting this vulnerability have been observed.\r\n\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
   link: "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000002.html",
   "sec:cpe": {
      "#text": "cpe:/a:daj:m-filter",
      "@product": "m-FILTER",
      "@vendor": "Digital Arts Inc.",
      "@version": "2.2",
   },
   "sec:cvss": [
      {
         "@score": "4.3",
         "@severity": "Medium",
         "@type": "Base",
         "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
         "@version": "2.0",
      },
      {
         "@score": "5.3",
         "@severity": "Medium",
         "@type": "Base",
         "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
         "@version": "3.0",
      },
   ],
   "sec:identifier": "JVNDB-2023-000002",
   "sec:references": [
      {
         "#text": "http://jvn.jp/en/jp/JVN55675303/index.html",
         "@id": "JVN#55675303",
         "@source": "JVN",
      },
      {
         "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22278",
         "@id": "CVE-2023-22278",
         "@source": "CVE",
      },
      {
         "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22278",
         "@id": "CVE-2023-22278",
         "@source": "NVD",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-287",
         "@title": "Improper Authentication(CWE-287)",
      },
   ],
   title: "Digital Arts m-FILTER vulnerable to improper authentication",
}

cve-2023-22278

Vulnerability from cvelistv5

Published

2023-01-17 00:00

Modified

2025-04-04 18:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.

References

▼	URL	Tags
	https://jvn.jp/en/jp/JVN55675303/index.html

Impacted products

	Vendor	Product	Version
	Digital Arts Inc.	m-FILTER Ver.5 Series and Ver.4 Series	Version: m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:07:05.433Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jvn.jp/en/jp/JVN55675303/index.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "LOW",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-22278",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-04T18:38:12.014782Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-287",
                        description: "CWE-287 Improper Authentication",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-04T18:38:15.728Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "m-FILTER Ver.5 Series and Ver.4 Series",
               vendor: "Digital Arts Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Authentication bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-17T00:00:00.000Z",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               url: "https://jvn.jp/en/jp/JVN55675303/index.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2023-22278",
      datePublished: "2023-01-17T00:00:00.000Z",
      dateReserved: "2022-12-28T00:00:00.000Z",
      dateUpdated: "2025-04-04T18:38:15.728Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted