Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Optical Disc Archive Software by Sony Corporation

    JVNDB-2026-000084

    Vulnerability from jvndb - Published: 2026-06-16 14:01 - Updated:2026-06-16 14:01
    Severity
    Summary
    Improper file access permission settings in the installers for Optical Disc Archive Software for Windows
    Details
    Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability.
    • Incorrect default permissions (CWE-276) - CVE-2026-50255
    Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000084.html",
      "dc:date": "2026-06-16T14:01+09:00",
      "dcterms:issued": "2026-06-16T14:01+09:00",
      "dcterms:modified": "2026-06-16T14:01+09:00",
      "description": "Optical Disc Archive Software for Windows provided by Sony Corporation contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2026-50255\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000084.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:optical_disc_archive_software",
        "@product": "Optical Disc Archive Software",
        "@vendor": "Sony Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000084",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN79926428/index.html",
          "@id": "JVN#79926428",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-50255",
          "@id": "CVE-2026-50255",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper file access permission settings in the installers for Optical Disc Archive Software for Windows"
    }

    JVNDB-2025-000098

    Vulnerability from jvndb - Published: 2025-11-04 13:51 - Updated:2025-11-04 13:51
    Severity
    Summary
    Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path
    Details
    Optical Disc Archive Software (for Windows) provided by Sony Corporation contains the following vulnerability. * Unquoted search path or element (CWE-428) - CVE-2025-62225 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000098.html",
      "dc:date": "2025-11-04T13:51+09:00",
      "dcterms:issued": "2025-11-04T13:51+09:00",
      "dcterms:modified": "2025-11-04T13:51+09:00",
      "description": "Optical Disc Archive Software (for Windows) provided by Sony Corporation contains the following vulnerability.\r\n\r\n* Unquoted search path or element (CWE-428) - CVE-2025-62225\r\n\r\nKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000098.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:optical_disc_archive_software",
        "@product": "Optical Disc Archive Software",
        "@vendor": "Sony Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.7",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000098",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81917433/index.html",
          "@id": "JVN#81917433",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-62225",
          "@id": "CVE-2025-62225",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Optical Disc Archive Software (for Windows) registers a Windows service with an unquoted file path"
    }