Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for FileZen by Soliton Systems K.K.

    JVNDB-2026-000023

    Vulnerability from jvndb - Published: 2026-02-13 16:51 - Updated:2026-02-13 17:08
    Severity
    Summary
    FileZen vulnerable to OS command injection
    Details
    FileZen provided by Soliton Systems K.K. contains the following vulnerability.
    • OS command injection (CWE-78) - CVE-2026-25108
      • This vulnerability can be exploited when FileZen Antivirus Check Option is enabled
    The developer states that attacks exploiting the vulnerability has been observed.

    Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000023.html",
      "dc:date": "2026-02-13T17:08+09:00",
      "dcterms:issued": "2026-02-13T16:51+09:00",
      "dcterms:modified": "2026-02-13T17:08+09:00",
      "description": "FileZen provided by Soliton Systems K.K. contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-25108\u003c/li\u003e\u003cul\u003e\u003cli\u003eThis vulnerability can be exploited when FileZen Antivirus Check Option is enabled\u003c/li\u003e\u003c/ul\u003e\u003c/ul\u003eThe developer states that attacks exploiting the vulnerability has been observed.\u003cbr\u003e\u003cbr\u003eSoliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000023.html",
      "sec:cpe": {
        "#text": "cpe:/a:soliton:filezen",
        "@product": "FileZen",
        "@vendor": "Soliton Systems K.K.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000023",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN84622767/index.html",
          "@id": "JVN#84622767",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-25108",
          "@id": "CVE-2026-25108",
          "@source": "CVE"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2026/at260004.html",
          "@id": "JPCERT-AT-2026-0004",
          "@source": "JPCERT AT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "FileZen vulnerable to OS command injection"
    }

    JVNDB-2021-000015

    Vulnerability from jvndb - Published: 2021-02-16 15:07 - Updated:2021-03-05 17:31
    Severity
    Summary
    FileZen vulnerable to OS command injection
    Details
    FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains an OS command injection vulnerability (CWE-78). Soliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000015.html",
      "dc:date": "2021-03-05T17:31+09:00",
      "dcterms:issued": "2021-02-16T15:07+09:00",
      "dcterms:modified": "2021-03-05T17:31+09:00",
      "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains an OS command injection vulnerability (CWE-78).\r\n\r\nSoliton Systems K.K. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000015.html",
      "sec:cpe": {
        "#text": "cpe:/a:soliton:filezen",
        "@product": "FileZen",
        "@vendor": "Soliton Systems K.K.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "9.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.1",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000015",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN58774946/index.html",
          "@id": "JVN#58774946",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20655",
          "@id": "CVE-2021-20655",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20655",
          "@id": "CVE-2021-20655",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20210216-jvn.html",
          "@id": "Regarding OS Command Injection vulnerability in FileZen (JVN#58774946)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2021/at210009.html",
          "@id": "Alert Regarding Vulnerability (CVE-2021-20655) in FileZen",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "FileZen vulnerable to OS command injection"
    }

    JVNDB-2020-000082

    Vulnerability from jvndb - Published: 2020-12-10 15:21 - Updated:2020-12-10 15:21
    Severity
    Summary
    FileZen vulnerable to directory traversal
    Details
    FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains a directory traversal vulnerability (CWE-22). Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000082.html",
      "dc:date": "2020-12-10T15:21+09:00",
      "dcterms:issued": "2020-12-10T15:21+09:00",
      "dcterms:modified": "2020-12-10T15:21+09:00",
      "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains a directory traversal vulnerability (CWE-22).\r\n\r\nSoliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000082.html",
      "sec:cpe": {
        "#text": "cpe:/a:soliton:filezen",
        "@product": "FileZen",
        "@vendor": "Soliton Systems K.K.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000082",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN12884935/index.html",
          "@id": "JVN#12884935",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5639",
          "@id": "CVE-2020-5639",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5639",
          "@id": "CVE-2020-5639",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2020/at200044.html",
          "@id": "Alert Regarding File Data Transfer Appliance FileZen",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "FileZen vulnerable to directory traversal"
    }

    JVNDB-2018-000104

    Vulnerability from jvndb - Published: 2018-10-15 15:26 - Updated:2019-07-26 17:00
    Severity
    Summary
    Multiple vulnerabilities in FileZen
    Details
    FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface. FileZen contains multiple vulnerabilities listed below. * Directory traversal (CWE-22) - CVE-2018-0693 * OS command injection (CWE-78) - CVE-2018-0694 Soliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000104.html",
      "dc:date": "2019-07-26T17:00+09:00",
      "dcterms:issued": "2018-10-15T15:26+09:00",
      "dcterms:modified": "2019-07-26T17:00+09:00",
      "description": "FileZen provided by Soliton Systems K.K. is an appliance for secure file transfer and sharing by mail or an web interface.\r\nFileZen contains multiple vulnerabilities listed below.\r\n\r\n* Directory traversal (CWE-22) - CVE-2018-0693\r\n* OS command injection (CWE-78) - CVE-2018-0694\r\n\r\nSoliton Systems K.K. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Soliton Systems K.K. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000104.html",
      "sec:cpe": {
        "#text": "cpe:/a:soliton:filezen",
        "@product": "FileZen",
        "@vendor": "Soliton Systems K.K.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "10.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "10.0",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000104",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN95355683/index.html",
          "@id": "JVN#95355683",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0693",
          "@id": "CVE-2018-0693",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0694",
          "@id": "CVE-2018-0694",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0693",
          "@id": "CVE-2018-0693",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0694",
          "@id": "CVE-2018-0694",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20181015-jvn.html",
          "@id": "Security Alert for Vulnerabilities in  FileZen",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in FileZen"
    }

    CVE-2026-25108 (GCVE-0-2026-25108)

    Vulnerability from nvd – Published: 2026-02-13 03:39 – Updated: 2026-02-26 14:44
    VLAI CISA CIRCL KEVIntel
    Summary
    FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25108",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T04:55:24.116263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-24",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-24T00:00:00.000Z",
                "value": "CVE-2026-25108 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.0.0 to V5.0.10"
                }
              ]
            },
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.2.1 to V4.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:36:19.553Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.soliton.co.jp/support/2026/006657.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN84622767/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-25108",
        "datePublished": "2026-02-13T03:39:03.795Z",
        "dateReserved": "2026-01-30T11:03:04.608Z",
        "dateUpdated": "2026-02-26T14:44:20.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-20655 (GCVE-0-2021-20655)

    Vulnerability from nvd – Published: 2021-02-17 02:05 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2021/004334.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T02:05:30.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2021/004334.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20655",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.soliton.co.jp/support/2021/004334.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2021/004334.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN58774946/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20655",
        "datePublished": "2021-02-17T02:05:30.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5639 (GCVE-0-2020-5639)

    Vulnerability from nvd – Published: 2020-12-14 02:25 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: versions from V3.0.0 to V4.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.369Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2020/004278.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/jp/JVN12884935/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from V3.0.0 to V4.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-14T02:25:53.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2020/004278.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/jp/JVN12884935/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from V3.0.0 to V4.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.soliton.co.jp/support/2020/004278.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2020/004278.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN12884935/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
                },
                {
                  "name": "https://jvn.jp/jp/JVN12884935/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/jp/JVN12884935/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5639",
        "datePublished": "2020-12-14T02:25:53.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0694 (GCVE-0-2018-0694)

    Vulnerability from nvd – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN95355683/index.html third-party-advisoryx_refsource_JVN
    https://www.soliton.co.jp/support/2018/003328.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.1
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#95355683",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2018/003328.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#95355683",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2018/003328.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0694",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#95355683",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
                },
                {
                  "name": "https://www.soliton.co.jp/support/2018/003328.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2018/003328.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0694",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0693 (GCVE-0-2018-0693)

    Vulnerability from nvd – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN95355683/index.html third-party-advisoryx_refsource_JVN
    https://www.soliton.co.jp/support/2018/003328.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.1
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#95355683",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2018/003328.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T18:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#95355683",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2018/003328.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#95355683",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
                },
                {
                  "name": "https://www.soliton.co.jp/support/2018/003328.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2018/003328.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0693",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-25108 (GCVE-0-2026-25108)

    Vulnerability from cvelistv5 – Published: 2026-02-13 03:39 – Updated: 2026-02-26 14:44
    VLAI CISA CIRCL KEVIntel
    Summary
    FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25108",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T04:55:24.116263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-24",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:20.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-25108"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-24T00:00:00.000Z",
                "value": "CVE-2026-25108 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V5.0.0 to V5.0.10"
                }
              ]
            },
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V4.2.1 to V4.2.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T04:36:19.553Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.soliton.co.jp/support/2026/006657.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN84622767/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-25108",
        "datePublished": "2026-02-13T03:39:03.795Z",
        "dateReserved": "2026-01-30T11:03:04.608Z",
        "dateUpdated": "2026-02-26T14:44:20.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-20655 (GCVE-0-2021-20655)

    Vulnerability from cvelistv5 – Published: 2021-02-17 02:05 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.247Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2021/004334.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-17T02:05:30.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2021/004334.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20655",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.soliton.co.jp/support/2021/004334.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2021/004334.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN58774946/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN58774946/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20655",
        "datePublished": "2021-02-17T02:05:30.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5639 (GCVE-0-2020-5639)

    Vulnerability from cvelistv5 – Published: 2020-12-14 02:25 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: versions from V3.0.0 to V4.2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:25.369Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2020/004278.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/jp/JVN12884935/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions from V3.0.0 to V4.2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-14T02:25:53.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2020/004278.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/jp/JVN12884935/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "versions from V3.0.0 to V4.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.soliton.co.jp/support/2020/004278.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2020/004278.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN12884935/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN12884935/index.html"
                },
                {
                  "name": "https://jvn.jp/jp/JVN12884935/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/jp/JVN12884935/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5639",
        "datePublished": "2020-12-14T02:25:53.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:25.369Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0694 (GCVE-0-2018-0694)

    Vulnerability from cvelistv5 – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN95355683/index.html third-party-advisoryx_refsource_JVN
    https://www.soliton.co.jp/support/2018/003328.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.1
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:49.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#95355683",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2018/003328.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-15T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#95355683",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2018/003328.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0694",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#95355683",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
                },
                {
                  "name": "https://www.soliton.co.jp/support/2018/003328.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2018/003328.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0694",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:49.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-0693 (GCVE-0-2018-0693)

    Vulnerability from cvelistv5 – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
    VLAI
    Summary
    Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN95355683/index.html third-party-advisoryx_refsource_JVN
    https://www.soliton.co.jp/support/2018/003328.html x_refsource_MISC
    Impacted products
    Vendor Product Version
    Soliton Systems K.K. FileZen Affected: V3.0.0 to V4.2.1
    Create a notification for this product.
    Date Public
    2018-11-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:35:48.951Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#95355683",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/2018/003328.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FileZen",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.0 to V4.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-11-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-16T18:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#95355683",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.soliton.co.jp/support/2018/003328.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2018-0693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "FileZen",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.0 to V4.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Soliton Systems K.K."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#95355683",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN95355683/index.html"
                },
                {
                  "name": "https://www.soliton.co.jp/support/2018/003328.html",
                  "refsource": "MISC",
                  "url": "https://www.soliton.co.jp/support/2018/003328.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2018-0693",
        "datePublished": "2018-11-15T15:00:00.000Z",
        "dateReserved": "2017-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:35:48.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }