Search

Find a vulnerability

Search criteria

    3 vulnerabilities by Canon Marketing Japan Inc.

    JVNDB-2026-000072

    Vulnerability from jvndb - Published: 2026-05-13 15:41 - Updated:2026-05-15 15:37
    Severity
    Summary
    GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow
    Details
    GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability.
    • Stack-based buffer overflow in pop3wallpasswd command (CWE-121) - CVE-2026-32661
    • This can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege
    The developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite (On-premises version). Canon Marketing Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Canon Marketing Japan Inc. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000072.html",
      "dc:date": "2026-05-15T15:37+09:00",
      "dcterms:issued": "2026-05-13T15:41+09:00",
      "dcterms:modified": "2026-05-15T15:37+09:00",
      "description": "GUARDIANWALL MailSuite provided by Canon Marketing Japan Inc. contains the following vulnerability.\u003cul\u003e\u003cli\u003eStack-based buffer overflow in pop3wallpasswd command (CWE-121) - CVE-2026-32661\u003c/li\u003e\u003cli\u003eThis can be exploited only when the product is configured to run pop3wallpasswd with grdnwww user privilege\u003c/li\u003e\u003c/ul\u003eThe developer states that attacks exploiting the vulnerability has been observed in GUARDIANWALL MailSuite (On-premises version).\r\n\r\nCanon Marketing Japan Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Canon Marketing Japan Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000072.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:canon_marketing_japan_guardianwall_mailsuite",
          "@product": "GUARDIANWALL MailSuite",
          "@vendor": "Canon Marketing Japan Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:canon_marketing_japan_guardianwall_mail_security_cloud",
          "@product": "GUARDIANWALL Mail Security Cloud",
          "@vendor": "Canon Marketing Japan Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000072",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN35567473/index.html",
          "@id": "JVN#35567473",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-32661",
          "@id": "CVE-2026-32661",
          "@source": "CVE"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2026/at260013.html",
          "@id": "JPCERT-AT-2026-0013",
          "@source": "JPCERT AT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        }
      ],
      "title": "GUARDIANWALL MailSuite vulnerable to stack-based buffer overflow"
    }

    CVE-2026-32661 (GCVE-0-2026-32661)

    Vulnerability from nvd – Published: 2026-05-13 05:15 – Updated: 2026-05-13 10:49
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T10:44:26.447129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:49:48.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GUARDIANWALL MailSuite (On-premises version)",
              "vendor": "Canon Marketing Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver 1.4.00 to Ver 2.4.26"
                }
              ]
            },
            {
              "product": "GUARDIANWALL Mail Security Cloud (SaaS version)",
              "vendor": "Canon Marketing Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before the maintenance on April 30"
                },
                {
                  "status": "affected",
                  "version": "2026"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product\u0027s web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T07:24:43.527Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://security-support.canon-its.jp/info_and_news/show/804?site_domain=GUARDIANWALL"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN35567473/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-32661",
        "datePublished": "2026-05-13T05:15:15.435Z",
        "dateReserved": "2026-05-11T00:11:34.095Z",
        "dateUpdated": "2026-05-13T10:49:48.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32661 (GCVE-0-2026-32661)

    Vulnerability from cvelistv5 – Published: 2026-05-13 05:15 – Updated: 2026-05-13 10:49
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T10:44:26.447129Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:49:48.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GUARDIANWALL MailSuite (On-premises version)",
              "vendor": "Canon Marketing Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver 1.4.00 to Ver 2.4.26"
                }
              ]
            },
            {
              "product": "GUARDIANWALL Mail Security Cloud (SaaS version)",
              "vendor": "Canon Marketing Japan Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before the maintenance on April 30"
                },
                {
                  "status": "affected",
                  "version": "2026"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product\u0027s web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd with grdnwww user privilege."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-13T07:24:43.527Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://security-support.canon-its.jp/info_and_news/show/804?site_domain=GUARDIANWALL"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN35567473/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-32661",
        "datePublished": "2026-05-13T05:15:15.435Z",
        "dateReserved": "2026-05-11T00:11:34.095Z",
        "dateUpdated": "2026-05-13T10:49:48.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }