jvndb-2024-003539
Vulnerability from jvndb
Published
2024-06-17 15:21
Modified
2024-06-17 15:21
Summary
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Details
MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.

  • Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776, https://cwe.mitre.org/data/definitions/776) - CVE-2024-27141, CVE-2024-27142
  • Execution with Unnecessary Privileges (CWE-250, https://cwe.mitre.org/data/definitions/250) - CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498
  • Incorrect Default Permissions (CWE-276, https://cwe.mitre.org/data/definitions/276) - CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171
  • Path Traversal (CWE-22, https://cwe.mitre.org/data/definitions/22) - CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178
  • Insertion of Sensitive Information into Log File (CWE-532, https://cwe.mitre.org/data/definitions/532) - CVE-2024-27154, CVE-2024-27156, CVE-2024-27157
  • Plaintext Storage of a Password (CWE-256, https://cwe.mitre.org/data/definitions/256) - CVE-2024-27166
  • Debug Messages Revealing Unnecessary Information (CWE-1295, https://cwe.mitre.org/data/definitions/1295) - CVE-2024-27179
  • Use of Default Credentials (CWE-1392, https://cwe.mitre.org/data/definitions/1392) - CVE-2024-27158
  • Use of Hard-coded Credentials (CWE-798, https://cwe.mitre.org/data/definitions/798) - CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170
  • Use of Hard-coded Password (CWE-259, https://cwe.mitre.org/data/definitions/259) - CVE-2024-27164
  • Cross-site Scripting (CWE-79, http://cwe.mitre.org/data/definitions/79) - CVE-2024-27162
  • Cleartext Transmission of Sensitive Information (CWE-319, https://cwe.mitre.org/data/definitions/319) - CVE-2024-27163
  • Least Privilege Violation (CWE-272, https://cwe.mitre.org/data/definitions/272) - CVE-2024-27165
  • Missing Authentication for Critical Function (CWE-306, https://cwe.mitre.org/data/definitions/306) - CVE-2024-27169
  • OS Command Injection (CWE-78, https://cwe.mitre.org/data/definitions/78) - CVE-2024-27172
  • External Control of File Name or Path (CWE-73, https://cwe.mitre.org/data/definitions/73) - CVE-2024-27175
  • Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367, https://cwe.mitre.org/data/definitions/367) - CVE-2024-27180
  • Authentication Bypass Using an Alternate Path or Channel (CWE-288, https://cwe.mitre.org/data/definitions/288) - CVE-2024-3496
  • Relative Path Traversal (CWE-23, https://cwe.mitre.org/data/definitions/23) - CVE-2024-3497

Toshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
JVN https://jvn.jp/en/vu/JVNVU97136265/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-27141
CVE https://www.cve.org/CVERecord?id=CVE-2024-27142
CVE https://www.cve.org/CVERecord?id=CVE-2024-27143
CVE https://www.cve.org/CVERecord?id=CVE-2024-27146
CVE https://www.cve.org/CVERecord?id=CVE-2024-27147
CVE https://www.cve.org/CVERecord?id=CVE-2024-3498
CVE https://www.cve.org/CVERecord?id=CVE-2024-27148
CVE https://www.cve.org/CVERecord?id=CVE-2024-27149
CVE https://www.cve.org/CVERecord?id=CVE-2024-27150
CVE https://www.cve.org/CVERecord?id=CVE-2024-27151
CVE https://www.cve.org/CVERecord?id=CVE-2024-27152
CVE https://www.cve.org/CVERecord?id=CVE-2024-27153
CVE https://www.cve.org/CVERecord?id=CVE-2024-27155
CVE https://www.cve.org/CVERecord?id=CVE-2024-27167
CVE https://www.cve.org/CVERecord?id=CVE-2024-27171
CVE https://www.cve.org/CVERecord?id=CVE-2024-27144
CVE https://www.cve.org/CVERecord?id=CVE-2024-27145
CVE https://www.cve.org/CVERecord?id=CVE-2024-27173
CVE https://www.cve.org/CVERecord?id=CVE-2024-27174
CVE https://www.cve.org/CVERecord?id=CVE-2024-27176
CVE https://www.cve.org/CVERecord?id=CVE-2024-27177
CVE https://www.cve.org/CVERecord?id=CVE-2024-27178
CVE https://www.cve.org/CVERecord?id=CVE-2024-27154
CVE https://www.cve.org/CVERecord?id=CVE-2024-27156
CVE https://www.cve.org/CVERecord?id=CVE-2024-27157
CVE https://www.cve.org/CVERecord?id=CVE-2024-27166
CVE https://www.cve.org/CVERecord?id=CVE-2024-27179
CVE https://www.cve.org/CVERecord?id=CVE-2024-27158
CVE https://www.cve.org/CVERecord?id=CVE-2024-27159
CVE https://www.cve.org/CVERecord?id=CVE-2024-27160
CVE https://www.cve.org/CVERecord?id=CVE-2024-27161
CVE https://www.cve.org/CVERecord?id=CVE-2024-27168
CVE https://www.cve.org/CVERecord?id=CVE-2024-27170
CVE https://www.cve.org/CVERecord?id=CVE-2024-27164
CVE https://www.cve.org/CVERecord?id=CVE-2024-27162
CVE https://www.cve.org/CVERecord?id=CVE-2024-27163
CVE https://www.cve.org/CVERecord?id=CVE-2024-27165
CVE https://www.cve.org/CVERecord?id=CVE-2024-27169
CVE https://www.cve.org/CVERecord?id=CVE-2024-27172
CVE https://www.cve.org/CVERecord?id=CVE-2024-27175
CVE https://www.cve.org/CVERecord?id=CVE-2024-27180
CVE https://www.cve.org/CVERecord?id=CVE-2024-3496
CVE https://www.cve.org/CVERecord?id=CVE-2024-3497
Debug Messages Revealing Unnecessary Information(CWE-1295) https://cwe.mitre.org/data/definitions/1295
Use of Default Credentials(CWE-1392) https://cwe.mitre.org/data/definitions/1392.html
Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Relative Path Traversal(CWE-23) https://cwe.mitre.org/data/definitions/23.html
Execution with Unnecessary Privileges(CWE-250) https://cwe.mitre.org/data/definitions/250.html
Unprotected Storage of Credentials(CWE-256) https://cwe.mitre.org/data/definitions/256.html
Use of Hard-coded Password(CWE-259) https://cwe.mitre.org/data/definitions/259.html
Least Privilege Violation(CWE-272) https://cwe.mitre.org/data/definitions/272.html
Incorrect Default Permissions(CWE-276) https://cwe.mitre.org/data/definitions/276.html
Authentication Bypass Using an Alternate Path or Channel(CWE-288) https://cwe.mitre.org/data/definitions/288.html
Missing Authentication for Critical Function(CWE-306) https://cwe.mitre.org/data/definitions/306.html
Cleartext Transmission of Sensitive Information(CWE-319) https://cwe.mitre.org/data/definitions/319.html
Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367) https://cwe.mitre.org/data/definitions/367.html
Information Exposure Through Log Files(CWE-532) https://cwe.mitre.org/data/definitions/532.html
External Control of File Name or Path(CWE-73) https://cwe.mitre.org/data/definitions/73.html
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')(CWE-776) http://cwe.mitre.org/data/definitions/776.html
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Use of Hard-coded Credentials(CWE-798) https://cwe.mitre.org/data/definitions/798.html


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
  "dc:date": "2024-06-17T15:21+09:00",
  "dcterms:issued": "2024-06-17T15:21+09:00",
  "dcterms:modified": "2024-06-17T15:21+09:00",
  "description": "MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eImproper Restriction of Recursive Entity References in DTDs (\u0026#39;XML Entity Expansion\u0026#39;) (\u003ca href=\"https://cwe.mitre.org/data/definitions/776\"\u003eCWE-776\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27141, CVE-2024-27142\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExecution with Unnecessary Privileges (\u003ca href=\"https://cwe.mitre.org/data/definitions/250\"\u003eCWE-250\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions (\u003ca href=\"https://cwe.mitre.org/data/definitions/276\"\u003eCWE-276\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePath Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/22\"\u003eCWE-22\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eInsertion of Sensitive Information into Log File (\u003ca href=\"https://cwe.mitre.org/data/definitions/532\"\u003eCWE-532\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePlaintext Storage of a Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/256\"\u003eCWE-256\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27166\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eDebug Messages Revealing Unnecessary Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/1295\"\u003eCWE-1295\u003c/a\u003e) \u003c/b\u003e- 
CVE-2024-27179\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Default Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/1392\"\u003eCWE-1392\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27158\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/798\"\u003eCWE-798\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/259\"\u003eCWE-259\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27164\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCross-site Scripting (\u003ca href=\"http://cwe.mitre.org/data/definitions/79\"\u003eCWE-79\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27162\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCleartext Transmission of Sensitive Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/319\"\u003eCWE-319\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27163\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eLeast Privilege Violation (\u003ca href=\"https://cwe.mitre.org/data/definitions/272\"\u003eCWE-272\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27165\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authentication for Critical Function (\u003ca href=\"https://cwe.mitre.org/data/definitions/306\"\u003eCWE-306\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27169\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eOS Command Injection (\u003ca href=\"https://cwe.mitre.org/data/definitions/78\"\u003eCWE-78\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27172\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExternal Control of File Name or Path (\u003ca href=\"https://cwe.mitre.org/data/definitions/73\"\u003eCWE-73\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27175\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eTime-of-check Time-of-use (TOCTOU) Race Condition (\u003ca 
href=\"https://cwe.mitre.org/data/definitions/367\"\u003eCWE-367\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27180\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eAuthentication Bypass Using an Alternate Path or Channel (\u003ca href=\"https://cwe.mitre.org/data/definitions/288\"\u003eCWE-288\u003c/a\u003e\u003c/b\u003e) - CVE-2024-3496\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eRelative Path Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/23\"\u003eCWE-23\u003c/a\u003e) \u003c/b\u003e- CVE-2024-3497\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nToshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:oki_electric_industry_multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "Oki Electric Industry Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:toshibatec:multiple_product",
      "@product": "(Multiple Products)",
      "@vendor": "TOSHIBA TEC",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2024-003539",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
      "@id": "JVNVU#97136265",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27141",
      "@id": "CVE-2024-27141",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27142",
      "@id": "CVE-2024-27142",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27143",
      "@id": "CVE-2024-27143",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27146",
      "@id": "CVE-2024-27146",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27147",
      "@id": "CVE-2024-27147",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3498",
      "@id": "CVE-2024-3498",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27148",
      "@id": "CVE-2024-27148",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27149",
      "@id": "CVE-2024-27149",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27150",
      "@id": "CVE-2024-27150",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27151",
      "@id": "CVE-2024-27151",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27152",
      "@id": "CVE-2024-27152",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27153",
      "@id": "CVE-2024-27153",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27155",
      "@id": "CVE-2024-27155",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27167",
      "@id": "CVE-2024-27167",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27171",
      "@id": "CVE-2024-27171",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27144",
      "@id": "CVE-2024-27144",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27145",
      "@id": "CVE-2024-27145",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27173",
      "@id": "CVE-2024-27173",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27174",
      "@id": "CVE-2024-27174",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27176",
      "@id": "CVE-2024-27176",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27177",
      "@id": "CVE-2024-27177",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27178",
      "@id": "CVE-2024-27178",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27154",
      "@id": "CVE-2024-27154",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27156",
      "@id": "CVE-2024-27156",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27157",
      "@id": "CVE-2024-27157",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27166",
      "@id": "CVE-2024-27166",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27179",
      "@id": "CVE-2024-27179",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27158",
      "@id": "CVE-2024-27158",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27159",
      "@id": "CVE-2024-27159",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27160",
      "@id": "CVE-2024-27160",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27161",
      "@id": "CVE-2024-27161",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27168",
      "@id": "CVE-2024-27168",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27170",
      "@id": "CVE-2024-27170",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27164",
      "@id": "CVE-2024-27164",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27162",
      "@id": "CVE-2024-27162",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27163",
      "@id": "CVE-2024-27163",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27165",
      "@id": "CVE-2024-27165",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27169",
      "@id": "CVE-2024-27169",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27172",
      "@id": "CVE-2024-27172",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27175",
      "@id": "CVE-2024-27175",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27180",
      "@id": "CVE-2024-27180",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3496",
      "@id": "CVE-2024-3496",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-3497",
      "@id": "CVE-2024-3497",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1295",
      "@id": "CWE-1295",
      "@title": "Debug Messages Revealing Unnecessary Information(CWE-1295)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1392.html",
      "@id": "CWE-1392",
      "@title": "Use of Default Credentials(CWE-1392)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/23.html",
      "@id": "CWE-23",
      "@title": "Relative Path Traversal(CWE-23)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/250.html",
      "@id": "CWE-250",
      "@title": "Execution with Unnecessary Privileges(CWE-250)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/256.html",
      "@id": "CWE-256",
      "@title": "Unprotected Storage of Credentials(CWE-256)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/259.html",
      "@id": "CWE-259",
      "@title": "Use of Hard-coded Password(CWE-259)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/272.html",
      "@id": "CWE-272",
      "@title": "Least Privilege Violation(CWE-272)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/288.html",
      "@id": "CWE-288",
      "@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/306.html",
      "@id": "CWE-306",
      "@title": "Missing Authentication for Critical Function(CWE-306)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/319.html",
      "@id": "CWE-319",
      "@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/367.html",
      "@id": "CWE-367",
      "@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/532.html",
      "@id": "CWE-532",
      "@title": "Information Exposure Through Log Files(CWE-532)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/73.html",
      "@id": "CWE-73",
      "@title": "External Control of File Name or Path(CWE-73)"
    },
    {
      "#text": "http://cwe.mitre.org/data/definitions/776.html",
      "@id": "CWE-776",
      "@title": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)(CWE-776)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs"
}

