Find a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

1 vulnerability found for InterScan WebManager by Trend Micro, Inc.

JVNDB-2024-000095

Vulnerability from jvndb - Published: 2024-09-09 16:40 - Updated:2024-09-09 16:40

Severity

6.5 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery

Details

Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352). Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN05579230/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-45504
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Hammock Corporation	AssetView F
	Alps System Integration Co., Ltd.	InterSafe CATS
	Alps System Integration Co., Ltd.	InterSafe GatewayConnection
	Alps System Integration Co., Ltd.	InterSafe LogDirector
	Alps System Integration Co., Ltd.	InterSafe LogNavigator
	Alps System Integration Co., Ltd.	InterSafe MobileSecurity
	Alps System Integration Co., Ltd.	InterSafe WebFilter
	AXSEED,Inc.	SPPM BizBrowser
	AXSEED,Inc.	SPPM Secure Filtering
	JMA Systems Corporation	KAITO Secure Browser
	MIROKU JYOHO SERVICE CO., LTD. (MJS)	MJS Web Filtering
	MOTEX Inc.	LANSCOPE Endpoint Manager Web Filtering
	QualitySoft Corporation	URL Filtering
	Trend Micro, Inc.	InterScan WebManager

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
  "dc:date": "2024-09-09T16:40+09:00",
  "dcterms:issued": "2024-09-09T16:40+09:00",
  "dcterms:modified": "2024-09-09T16:40+09:00",
  "description": "Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hammock:assetview_f",
      "@product": "AssetView F",
      "@vendor": "Hammock Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_cats",
      "@product": "InterSafe CATS",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_gatewayconnection",
      "@product": "InterSafe GatewayConnection",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_logdirector",
      "@product": "InterSafe LogDirector",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_lognavigator",
      "@product": "InterSafe LogNavigator",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_mobilesecurity",
      "@product": "InterSafe MobileSecurity",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:alps_system_integration_intersafe_webfilter",
      "@product": "InterSafe WebFilter",
      "@vendor": "Alps System Integration Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:axseed_sppm_bizbrower",
      "@product": "SPPM BizBrowser",
      "@vendor": "AXSEED,Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:axseed_sppm_secure_filtering",
      "@product": "SPPM Secure Filtering",
      "@vendor": "AXSEED,Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:jmas_kaito_secure_browser",
      "@product": "KAITO Secure Browser",
      "@vendor": "JMA Systems Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:mjs_mjs_web_filtering",
      "@product": "MJS Web Filtering",
      "@vendor": "MIROKU JYOHO SERVICE CO., LTD. (MJS)",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:motex:lanscope_endpoint_manager_web_filtering",
      "@product": "LANSCOPE Endpoint Manager Web Filtering",
      "@vendor": "MOTEX Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:qualitysoft:url_filtering",
      "@product": "URL Filtering",
      "@vendor": "QualitySoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_webmanager",
      "@product": "InterScan WebManager",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.5",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000095",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN05579230/index.html",
      "@id": "JVN#05579230",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45504",
      "@id": "CVE-2024-45504",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery"
}