Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Ricoh Streamline NX by Ricoh Co., Ltd

    JVNDB-2026-000003

    Vulnerability from jvndb - Published: 2026-01-09 18:17 - Updated:2026-01-09 18:17
    Severity
    Summary
    RICOH Streamline NX vulnerable to improper authorization
    Details
    RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
    • Improper authorization (CWE-639) - CVE-2026-21409
    Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000003.html",
      "dc:date": "2026-01-09T18:17+09:00",
      "dcterms:issued": "2026-01-09T18:17+09:00",
      "dcterms:modified": "2026-01-09T18:17+09:00",
      "description": "RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.\u003cul\u003e\u003cli\u003eImproper authorization (CWE-639) - CVE-2026-21409\u003c/li\u003e\u003c/ul\u003eRicoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000003.html",
      "sec:cpe": {
        "#text": "cpe:/a:ricoh:streamline_nx",
        "@product": "Ricoh Streamline NX",
        "@vendor": "Ricoh Co., Ltd",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "5.9",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000003",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN12770174/index.html",
          "@id": "JVN#12770174",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-21409",
          "@id": "CVE-2026-21409",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "RICOH Streamline NX vulnerable to improper authorization"
    }

    JVNDB-2025-000077

    Vulnerability from jvndb - Published: 2025-09-08 13:42 - Updated:2025-09-24 16:53
    Severity
    Summary
    RICOH Streamline NX vulnerable to tampering with operation history
    Details
    RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. * Use of Less Trusted Source (CWE-348) - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000077.html",
      "dc:date": "2025-09-24T16:53+09:00",
      "dcterms:issued": "2025-09-08T13:42+09:00",
      "dcterms:modified": "2025-09-24T16:53+09:00",
      "description": "RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.\r\n\r\n* Use of Less Trusted Source (CWE-348) - CVE-2025-58422\r\n\r\nRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN.\r\nJPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000077.html",
      "sec:cpe": {
        "#text": "cpe:/a:ricoh:streamline_nx",
        "@product": "Ricoh Streamline NX",
        "@vendor": "Ricoh Co., Ltd",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "3.1",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000077",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN75307484/index.html",
          "@id": "JVN#75307484",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-58422",
          "@id": "CVE-2025-58422",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "RICOH Streamline NX vulnerable to tampering with operation history"
    }

    JVNDB-2025-000046

    Vulnerability from jvndb - Published: 2025-06-30 15:45 - Updated:2025-06-30 15:45
    Severity
    Summary
    SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting
    Details
    SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability.
    • Reflected cross-site scripting via a specific parameter (CWE-79) - CVE-2025-41439
    Matteo Santini reported this vulnerability to Ricoh Company, Ltd. directly and coordinated. After the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000046.html",
      "dc:date": "2025-06-30T15:45+09:00",
      "dcterms:issued": "2025-06-30T15:45+09:00",
      "dcterms:modified": "2025-06-30T15:45+09:00",
      "description": "SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability.\r\n\r\n\u003cul\u003e\u003cli\u003eReflected cross-site scripting via a specific parameter (CWE-79) - CVE-2025-41439\u003c/li\u003e\u003c/ul\u003e\r\n\r\nMatteo Santini reported this vulnerability to Ricoh Company, Ltd. directly and coordinated. After the coordination, Ricoh Company, Ltd. reported this case to IPA under Information Security Early Warning Partnership, and JPCERT/CC coordinated with Ricoh Company, Ltd. for JVN publication.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000046.html",
      "sec:cpe": {
        "#text": "cpe:/a:ricoh:streamline_nx",
        "@product": "Ricoh Streamline NX",
        "@vendor": "Ricoh Co., Ltd",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000046",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN24333956/index.html",
          "@id": "JVN#24333956",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-41439",
          "@id": "CVE-2025-41439",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting"
    }