Search

Find a vulnerability

Search criteria

    1 vulnerability found for Setup file of advance preparation by National Tax Agency JAPAN

    JVNDB-2017-000129

    Vulnerability from jvndb - Published: 2017-06-09 15:59 - Updated:2018-02-14 13:55
    Severity
    Summary
    Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries
    Details
    "Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation"contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Takashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000129.html",
      "dc:date": "2018-02-14T13:55+09:00",
      "dcterms:issued": "2017-06-09T15:59+09:00",
      "dcterms:modified": "2018-02-14T13:55+09:00",
      "description": "\"Setup file of advance preparation\" provided by National Tax Agency is software to setup the environment which is required to use \"filing assistance on the NTA website\".\r\n\"Setup file of advance preparation\"contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000129.html",
      "sec:cpe": {
        "#text": "cpe:/a:nta:nta_advance_preparation_setup_file",
        "@product": "Setup file of advance preparation",
        "@vendor": "National Tax Agency JAPAN",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000129",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN34508179/index.html",
          "@id": "JVN#34508179",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2215",
          "@id": "CVE-2017-2215",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2215",
          "@id": "CVE-2017-2215",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of \"Setup file of advance preparation\" may insecurely load Dinamic Link Libraries"
    }