Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability found for (multiple product) by Xerox

JVNDB-2023-004919

Vulnerability from jvndb - Published: 2023-11-02 17:21 - Updated:2024-05-07 15:25
Severity ?
5.4 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Summary
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391). Kunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp. FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
  "dc:date": "2024-05-07T15:25+09:00",
  "dcterms:issued": "2023-11-02T17:21+09:00",
  "dcterms:modified": "2024-05-07T15:25+09:00",
  "description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).\r\n\r\nKunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:fuji_xerox:multiple_product",
      "@product": "(multiple product)",
      "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:xerox:multiple_product",
      "@product": "(multiple product)",
      "@vendor": "Xerox",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-004919",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96482726/",
      "@id": "JVNVU#96482726",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46327",
      "@id": "CVE-2023-46327",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46327",
      "@id": "CVE-2023-46327",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/1391.html",
      "@id": "CWE-1391",
      "@title": "Use of Weak Credentials(CWE-1391)"
    }
  ],
  "title": "FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength"
}