Search

Find a vulnerability

Search criteria

    1 vulnerability found for TONE FAMILY by DREAM TRAIN INTERNET INC.

    JVNDB-2023-000036

    Vulnerability from jvndb - Published: 2023-04-17 14:04 - Updated:2023-04-17 14:04
    Severity
    Summary
    API server of TONE Family vulnerable to authentication bypass using an alternate path
    Details
    API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path (CWE-288). Kodai Karakawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000036.html",
      "dc:date": "2023-04-17T14:04+09:00",
      "dcterms:issued": "2023-04-17T14:04+09:00",
      "dcterms:modified": "2023-04-17T14:04+09:00",
      "description": "API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path (CWE-288).\r\n\r\nKodai Karakawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000036.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:dream_train_internet_tone_family",
        "@product": "TONE FAMILY",
        "@vendor": "DREAM TRAIN INTERNET INC.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000036",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN14492006/index.html",
          "@id": "JVN#14492006",
          "@source": "JVN"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "API server of TONE Family vulnerable to authentication bypass using an alternate path"
    }