Search
Find a vulnerability
Search criteria
32 vulnerabilities by Digital Arts Inc.
CVE-2026-28267 (GCVE-0-2026-28267)
Vulnerability from nvd – Published: 2026-03-09 22:28 – Updated: 2026-03-10 14:16
VLAI
Summary
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 10 (Windows version only) |
Affected:
prior to Ver.10.02.00
|
|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to Ver.6.10.57
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ZAQ (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for プロバイダー |
Affected:
prior to Ver.2.00.30
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Digital Arts Inc. | DigitalArts@Cloud Agent (for Windows) |
Affected:
prior to Ver.1.70R01
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R13
|
|
| Inventit Inc. | MobiConnect i-FILTER Browser Option MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Fujitsu Limited | i-FILTER Browser & Cloud MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:16:23.241801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:16:29.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.10.02.00"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.10.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.30"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "DigitalArts@Cloud Agent (for Windows)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.70R01"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R13"
}
]
},
{
"product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows",
"vendor": "Inventit Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:28:24.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_02.pdf"
},
{
"url": "https://biz3.optim.co.jp/"
},
{
"url": "https://www.mobi-connect.net/file/ifilter/"
},
{
"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"
},
{
"url": "https://jvn.jp/en/jp/JVN17307628/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28267",
"datePublished": "2026-03-09T22:28:24.535Z",
"dateReserved": "2026-02-26T00:21:16.561Z",
"dateUpdated": "2026-03-10T14:16:29.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25191 (GCVE-0-2026-25191)
Vulnerability from nvd – Published: 2026-02-26 05:39 – Updated: 2026-02-26 14:24
VLAI
Summary
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | FinalCode Ver.5 series |
Affected:
prior to 5.43R01
|
|
| Digital Arts Inc. | FinalCode Ver.6 series |
Affected:
prior to 6.51R01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T14:24:21.775649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:24:33.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FinalCode Ver.5 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 5.43R01"
}
]
},
{
"product": "FinalCode Ver.6 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.51R01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer\u0027s execution privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T05:39:24.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260226_01.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN48498976/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25191",
"datePublished": "2026-02-26T05:39:24.457Z",
"dateReserved": "2026-02-12T07:13:34.985Z",
"dateUpdated": "2026-02-26T14:24:33.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23703 (GCVE-0-2026-23703)
Vulnerability from nvd – Published: 2026-02-26 05:39 – Updated: 2026-02-26 14:25
VLAI
Summary
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | FinalCode Ver.5 series |
Affected:
prior to 5.43R01
|
|
| Digital Arts Inc. | FinalCode Ver.6 series |
Affected:
prior to 6.51R01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T14:25:01.795668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:25:14.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FinalCode Ver.5 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 5.43R01"
}
]
},
{
"product": "FinalCode Ver.6 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.51R01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T05:39:11.471Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260226_01.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN48498976/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-23703",
"datePublished": "2026-02-26T05:39:11.471Z",
"dateReserved": "2026-02-12T07:13:38.504Z",
"dateUpdated": "2026-02-26T14:25:14.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from nvd – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to 6.00.55
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ZAQ |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to 6.10.55
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to 4.93.R11
|
|
| Fujitsu Limited | FENCE-Mobile RemoteManager i-FILTER Browser Service |
Affected:
prior to 4.93R11
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:47:59.700143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:52:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.10.55"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 4.93.R11"
}
]
},
{
"product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T05:28:42.925Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN55678602/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-57846",
"datePublished": "2025-08-27T05:28:42.925Z",
"dateReserved": "2025-08-21T04:04:10.182Z",
"dateUpdated": "2025-08-27T14:52:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47149 (GCVE-0-2025-47149)
Vulnerability from nvd – Published: 2025-05-23 09:09 – Updated: 2025-05-23 12:31
VLAI
Summary
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-348 - Use of less trusted source
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.10.50R01 to Ver.10.67R02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:31:23.795831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:31:36.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.10.50R01 to Ver.10.67R02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "Use of less trusted source",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T09:09:37.277Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.daj.co.jp/support/detail/?page=releasenote_content\u0026division=6\u0026id=1057"
},
{
"url": "https://jvn.jp/en/jp/JVN68079883/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-47149",
"datePublished": "2025-05-23T09:09:37.277Z",
"dateReserved": "2025-05-20T13:35:31.600Z",
"dateUpdated": "2025-05-23T12:31:36.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22278 (GCVE-0-2023-22278)
Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:38
VLAI
Summary
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Authentication bypass
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | m-FILTER Ver.5 Series and Ver.4 Series |
Affected:
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T18:38:12.014782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T18:38:15.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "m-FILTER Ver.5 Series and Ver.4 Series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22278",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-04-04T18:38:15.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21170 (GCVE-0-2022-21170)
Vulnerability from nvd – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI
Summary
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
Severity
No CVSS data available.
CWE
- Improper check for certificate revocation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://download.daj.co.jp/user/ifilter/V10/ | x_refsource_MISC |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
| https://download.daj.co.jp/user/ifb/ | x_refsource_MISC |
| https://download.daj.co.jp/user/dspa/V4/ | x_refsource_MISC |
| https://download.daj.co.jp/user/dspa/V3/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN33214411/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER |
Affected:
i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for certificate revocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:37.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"version": {
"version_data": [
{
"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for certificate revocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.daj.co.jp/user/ifilter/V10/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"name": "https://download.daj.co.jp/user/ifb/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V4/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V3/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"name": "https://jvn.jp/en/jp/JVN33214411/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21170",
"datePublished": "2022-03-07T09:00:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T02:31:59.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
Severity
No CVSS data available.
CWE
- HTTP header injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32155106/index.html | third-party-advisoryx_refsource_JVN |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from nvd – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32155106/index.html | third-party-advisoryx_refsource_JVN |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10860 (GCVE-0-2017-10860)
Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.daj.jp/cs/info/2017/0912/ | x_refsource_MISC |
| http://www.securityfocus.com/bid/100916 | vdb-entryx_refsource_BID |
| https://jvn.jp/en/jp/JVN75929834/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 installer" |
Affected:
timestamp of code signing is before 23 Aug 2017 (JST)
|
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 installer\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 installer\"",
"version": {
"version_data": [
{
"version_value": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "100916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100916"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10860",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10859 (GCVE-0-2017-10859)
Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.daj.jp/cs/info/2017/0912/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN75929834/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 installer" |
Affected:
timestamp of code signing is before 23 Aug 2017 (JST)
|
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 installer\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 installer\"",
"version": {
"version_data": [
{
"version_value": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10859",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10858 (GCVE-0-2017-10858)
Vulnerability from nvd – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.daj.jp/cs/info/2017/0912/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN75929834/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 install program" |
Affected:
file version 1.0.8.1 and earlier
|
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 install program\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "file version 1.0.8.1 and earlier"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 install program\" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 install program\"",
"version": {
"version_data": [
{
"version_value": "file version 1.0.8.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 install program\" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10858",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-28267 (GCVE-0-2026-28267)
Vulnerability from cvelistv5 – Published: 2026-03-09 22:28 – Updated: 2026-03-10 14:16
VLAI
Summary
Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 10 (Windows version only) |
Affected:
prior to Ver.10.02.00
|
|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to Ver.6.10.57
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for ZAQ (Windows version only) |
Affected:
prior to Ver.6.00.57
|
|
| Digital Arts Inc. | i-フィルター for プロバイダー |
Affected:
prior to Ver.2.00.30
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Digital Arts Inc. | DigitalArts@Cloud Agent (for Windows) |
Affected:
prior to Ver.1.70R01
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R13
|
|
| Inventit Inc. | MobiConnect i-FILTER Browser Option MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
|
| Fujitsu Limited | i-FILTER Browser & Cloud MultiAgent for Windows |
Affected:
prior to Ver.4.93R13
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T14:16:23.241801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T14:16:29.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.10.02.00"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.10.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.6.00.57"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.00.30"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "DigitalArts@Cloud Agent (for Windows)",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.70R01"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R13"
}
]
},
{
"product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows",
"vendor": "Inventit Inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
},
{
"product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to Ver.4.93R13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T22:28:24.535Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260309_02.pdf"
},
{
"url": "https://biz3.optim.co.jp/"
},
{
"url": "https://www.mobi-connect.net/file/ifilter/"
},
{
"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"
},
{
"url": "https://jvn.jp/en/jp/JVN17307628/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-28267",
"datePublished": "2026-03-09T22:28:24.535Z",
"dateReserved": "2026-02-26T00:21:16.561Z",
"dateUpdated": "2026-03-10T14:16:29.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25191 (GCVE-0-2026-25191)
Vulnerability from cvelistv5 – Published: 2026-02-26 05:39 – Updated: 2026-02-26 14:24
VLAI
Summary
The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer's execution privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | FinalCode Ver.5 series |
Affected:
prior to 5.43R01
|
|
| Digital Arts Inc. | FinalCode Ver.6 series |
Affected:
prior to 6.51R01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T14:24:21.775649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:24:33.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FinalCode Ver.5 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 5.43R01"
}
]
},
{
"product": "FinalCode Ver.6 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.51R01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an issue with the DLL search path. If a user is directed to place a malicious DLL file and the installer to the same directory and execute the installer, arbitrary code may be executed with the installer\u0027s execution privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T05:39:24.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260226_01.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN48498976/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25191",
"datePublished": "2026-02-26T05:39:24.457Z",
"dateReserved": "2026-02-12T07:13:34.985Z",
"dateUpdated": "2026-02-26T14:24:33.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23703 (GCVE-0-2026-23703)
Vulnerability from cvelistv5 – Published: 2026-02-26 05:39 – Updated: 2026-02-26 14:25
VLAI
Summary
The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | FinalCode Ver.5 series |
Affected:
prior to 5.43R01
|
|
| Digital Arts Inc. | FinalCode Ver.6 series |
Affected:
prior to 6.51R01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T14:25:01.795668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:25:14.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FinalCode Ver.5 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 5.43R01"
}
]
},
{
"product": "FinalCode Ver.6 series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.51R01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T05:39:11.471Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20260226_01.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN48498976/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-23703",
"datePublished": "2026-02-26T05:39:11.471Z",
"dateReserved": "2026-02-12T07:13:38.504Z",
"dateUpdated": "2026-02-26T14:25:14.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57846 (GCVE-0-2025-57846)
Vulnerability from cvelistv5 – Published: 2025-08-27 05:28 – Updated: 2025-08-27 14:52
VLAI
Summary
Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-フィルター 6.0 |
Affected:
prior to 6.00.55
|
|
| Digital Arts Inc. | i-フィルター for マルチデバイス |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ZAQ |
Affected:
prior to 6.00.55 (Windows version only)
|
|
| Digital Arts Inc. | i-フィルター for ネットカフェ |
Affected:
prior to 6.10.55
|
|
| Digital Arts Inc. | i-FILTER ブラウザー&クラウド MultiAgent for Windows |
Affected:
prior to 4.93.R11
|
|
| Fujitsu Limited | FENCE-Mobile RemoteManager i-FILTER Browser Service |
Affected:
prior to 4.93R11
|
|
| OPTiM Corporation | Optimal Biz Web Filtering Powered by i-FILTER (Windows version) |
Affected:
prior to 4.93R11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T14:47:59.700143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T14:52:39.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.00.55 (Windows version only)"
}
]
},
{
"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 6.10.55"
}
]
},
{
"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "prior to 4.93.R11"
}
]
},
{
"product": "FENCE-Mobile RemoteManager i-FILTER Browser Service",
"vendor": "Fujitsu Limited",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
},
{
"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"vendor": "OPTiM Corporation",
"versions": [
{
"status": "affected",
"version": "prior to 4.93R11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T05:28:42.925Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_01.pdf"
},
{
"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl\u0026filename=information_20250827_02.pdf"
},
{
"url": "https://jvn.jp/en/jp/JVN55678602/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-57846",
"datePublished": "2025-08-27T05:28:42.925Z",
"dateReserved": "2025-08-21T04:04:10.182Z",
"dateUpdated": "2025-08-27T14:52:39.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47149 (GCVE-0-2025-47149)
Vulnerability from cvelistv5 – Published: 2025-05-23 09:09 – Updated: 2025-05-23 12:31
VLAI
Summary
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-348 - Use of less trusted source
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.10.50R01 to Ver.10.67R02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T12:31:23.795831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T12:31:36.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.10.50R01 to Ver.10.67R02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized. If the product uses a specially crafted pattern file, information in the server where the product is running may be retrieved, and/or cause a denial of service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "Use of less trusted source",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T09:09:37.277Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.daj.co.jp/support/detail/?page=releasenote_content\u0026division=6\u0026id=1057"
},
{
"url": "https://jvn.jp/en/jp/JVN68079883/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-47149",
"datePublished": "2025-05-23T09:09:37.277Z",
"dateReserved": "2025-05-20T13:35:31.600Z",
"dateUpdated": "2025-05-23T12:31:36.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22278 (GCVE-0-2023-22278)
Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-04 18:38
VLAI
Summary
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Authentication bypass
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | m-FILTER Ver.5 Series and Ver.4 Series |
Affected:
m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T18:38:12.014782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T18:38:15.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "m-FILTER Ver.5 Series and Ver.4 Series",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users\u0027 unintended email when email is being sent under the certain conditions. The attacks exploiting this vulnerability have been observed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN55675303/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22278",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-04-04T18:38:15.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21170 (GCVE-0-2022-21170)
Vulnerability from cvelistv5 – Published: 2022-03-07 09:00 – Updated: 2024-08-03 02:31
VLAI
Summary
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
Severity
No CVSS data available.
CWE
- Improper check for certificate revocation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://download.daj.co.jp/user/ifilter/V10/ | x_refsource_MISC |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
| https://download.daj.co.jp/user/ifb/ | x_refsource_MISC |
| https://download.daj.co.jp/user/dspa/V4/ | x_refsource_MISC |
| https://download.daj.co.jp/user/dspa/V3/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN33214411/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER |
Affected:
i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for certificate revocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:37.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"version": {
"version_data": [
{
"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for certificate revocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.daj.co.jp/user/ifilter/V10/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"name": "https://download.daj.co.jp/user/ifb/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V4/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V3/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"name": "https://jvn.jp/en/jp/JVN33214411/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21170",
"datePublished": "2022-03-07T09:00:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T02:31:59.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
Severity
No CVSS data available.
CWE
- HTTP header injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32155106/index.html | third-party-advisoryx_refsource_JVN |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32155106/index.html | third-party-advisoryx_refsource_JVN |
| https://download.daj.co.jp/user/ifilter/V9/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Affected:
Ver.9.50R05 and earlier
|
Date Public
2019-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00.000Z",
"dateReserved": "2018-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10859 (GCVE-0-2017-10859)
Vulnerability from cvelistv5 – Published: 2017-09-15 17:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.daj.jp/cs/info/2017/0912/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN75929834/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Digital Arts Inc. | "i-filter 6.0 installer" |
Affected:
timestamp of code signing is before 23 Aug 2017 (JST)
|
Date Public
2017-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "\"i-filter 6.0 installer\"",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
],
"datePublic": "2017-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-15T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "\"i-filter 6.0 installer\"",
"version": {
"version_data": [
{
"version_value": "timestamp of code signing is before 23 Aug 2017 (JST)"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in \"i-filter 6.0 installer\" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.daj.jp/cs/info/2017/0912/",
"refsource": "MISC",
"url": "http://www.daj.jp/cs/info/2017/0912/"
},
{
"name": "JVN#75929834",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75929834/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10859",
"datePublished": "2017-09-15T17:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2026-000036
Vulnerability from jvndb - Published: 2026-03-09 14:57 - Updated:2026-03-09 16:23
Severity
Summary
Improper file access permission settings in multiple Digital Arts products
Details
Multiple products provided by Digital Arts Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2026-28267
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000036.html",
"dc:date": "2026-03-09T16:23+09:00",
"dcterms:issued": "2026-03-09T14:57+09:00",
"dcterms:modified": "2026-03-09T16:23+09:00",
"description": "Multiple products provided by Digital Arts Inc. contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2026-28267\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000036.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:digitalarts%40cloud_agent",
"@product": "DigitalArts@Cloud Agent",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_installer",
"@product": "i-filter",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:i-filter_browser%26cloud_multiagent_for_windows",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:inventit",
"@product": "MobiConnect i-FILTER Browser Option",
"@vendor": "Inventit Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:optim:optimal_biz_web_filtering_powered_by_i-filter_windows",
"@product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)",
"@vendor": "OPTiM Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000036",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN17307628/index.html",
"@id": "JVN#17307628",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-28267",
"@id": "CVE-2026-28267",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in multiple Digital Arts products"
}
JVNDB-2026-000029
Vulnerability from jvndb - Published: 2026-02-26 14:24 - Updated:2026-02-26 14:24
Severity
Summary
Multiple vulnerabilities in the installer of FinalCode Client
Details
The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below.
- Incorrect default permissions (CWE-276) - CVE-2026-23703
- Uncontrolled search path element (CWE-427) - CVE-2026-25191
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000029.html",
"dc:date": "2026-02-26T14:24+09:00",
"dcterms:issued": "2026-02-26T14:24+09:00",
"dcterms:modified": "2026-02-26T14:24+09:00",
"description": "The installer of FinalCode Client provided by Digital Arts Inc. contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2026-23703\u003c/li\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-25191\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000029.html",
"sec:cpe": {
"#text": "cpe:/a:daj:finalcode",
"@product": "FinalCode",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000029",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN48498976/index.html",
"@id": "JVN#48498976",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-23703",
"@id": "CVE-2026-23703",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-25191",
"@id": "CVE-2026-25191",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in the installer of FinalCode Client"
}
JVNDB-2025-000066
Vulnerability from jvndb - Published: 2025-08-27 19:50 - Updated:2025-09-29 13:45
Severity
Summary
Improper file access permission settings in multiple i-FILTER products
Details
Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2025-57846
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000066.html",
"dc:date": "2025-09-29T13:45+09:00",
"dcterms:issued": "2025-08-27T19:50+09:00",
"dcterms:modified": "2025-09-29T13:45+09:00",
"description": "Multiple i-FILTER products provided by Digital Arts Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-57846\u003c/li\u003e\u003c/ul\u003e\r\n\r\nKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000066.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000066",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN55678602/index.html",
"@id": "JVN#55678602",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-57846",
"@id": "CVE-2025-57846",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper file access permission settings in multiple i-FILTER products"
}
JVNDB-2025-000033
Vulnerability from jvndb - Published: 2025-05-23 15:36 - Updated:2025-05-23 15:36
Severity
Summary
Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
Details
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly.
- Improper pattern file validation (CWE-348) - CVE-2025-47149
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000033.html",
"dc:date": "2025-05-23T15:36+09:00",
"dcterms:issued": "2025-05-23T15:36+09:00",
"dcterms:modified": "2025-05-23T15:36+09:00",
"description": "The optional feature \u0027Anti-Virus \u0026 Sandbox\u0027 of i-FILTER provided by Digital Arts Inc. validates pattern files improperly.\r\n\u003cul\u003e\u003cli\u003eImproper pattern file validation (CWE-348) - CVE-2025-47149\u003c/li\u003e\u003c/ul\u003e\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000033.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000033",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN68079883/index.html",
"@id": "JVN#68079883",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-47149",
"@id": "CVE-2025-47149",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper pattern file validation in i-FILTER optional feature \u0027Anti-Virus \u0026 Sandbox\u0027"
}
JVNDB-2023-000002
Vulnerability from jvndb - Published: 2023-01-06 14:57 - Updated:2023-01-06 14:57
Severity
Summary
Digital Arts m-FILTER vulnerable to improper authentication
Details
m-FILTER provided by Digital Arts Inc. is an emaill security product.
m-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker.
Digital Arts Inc. states that attacks exploiting this vulnerability have been observed.
Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000002.html",
"dc:date": "2023-01-06T14:57+09:00",
"dcterms:issued": "2023-01-06T14:57+09:00",
"dcterms:modified": "2023-01-06T14:57+09:00",
"description": "m-FILTER provided by Digital Arts Inc. is an emaill security product.\r\nm-FILTER contains an improper authentication vulnerability (CWE-287) when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker.\r\n\r\nDigital Arts Inc. states that attacks exploiting this vulnerability have been observed.\r\n\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000002.html",
"sec:cpe": {
"#text": "cpe:/a:daj:m-filter",
"@product": "m-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000002",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN55675303/index.html",
"@id": "JVN#55675303",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22278",
"@id": "CVE-2023-22278",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22278",
"@id": "CVE-2023-22278",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Digital Arts m-FILTER vulnerable to improper authentication"
}
JVNDB-2022-000008
Vulnerability from jvndb - Published: 2022-03-04 14:12 - Updated:2022-03-04 14:12
Severity
Summary
i-FILTER vulnerable to improper check for certificate revocation
Details
i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299) .
Digital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000008.html",
"dc:date": "2022-03-04T14:12+09:00",
"dcterms:issued": "2022-03-04T14:12+09:00",
"dcterms:modified": "2022-03-04T14:12+09:00",
"description": "i-FILTER provided by Digital Arts Inc. is vulnerable to improper check for certificate revocation (CWE-299) .\r\n\r\nDigital Arts Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Digital Arts Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000008.html",
"sec:cpe": [
{
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:daj:i-filter_browser_%26_cloud_multiagent",
"@product": "i-FILTER Browser \u0026 Cloud MultiAgent for Windows",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33214411/index.html",
"@id": "JVN#33214411",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-21170",
"@id": "CVE-2022-21170",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-21170",
"@id": "CVE-2022-21170",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "i-FILTER vulnerable to improper check for certificate revocation"
}
JVNDB-2018-000129
Vulnerability from jvndb - Published: 2018-12-07 14:30 - Updated:2019-08-27 11:45
Severity
Summary
Multiple vulnerabilities in i-FILTER
Details
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.
* Cross-site scripting (CWE-79) - CVE-2018-16180
* HTTP header injection (CWE-113) - CVE-2018-16181
Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
"dc:date": "2019-08-27T11:45+09:00",
"dcterms:issued": "2018-12-07T14:30+09:00",
"dcterms:modified": "2019-08-27T11:45+09:00",
"description": "i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below.\r\n* Cross-site scripting (CWE-79) - CVE-2018-16180\r\n* HTTP header injection (CWE-113) - CVE-2018-16181\r\n\r\nKeigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000129.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter",
"@product": "i-FILTER",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000129",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32155106/index.html",
"@id": "JVN#32155106",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16180",
"@id": "CVE-2018-16180",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16181",
"@id": "CVE-2018-16181",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16180",
"@id": "CVE-2018-16180",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16181",
"@id": "CVE-2018-16181",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in i-FILTER"
}
JVNDB-2017-000223
Vulnerability from jvndb - Published: 2017-09-29 13:54 - Updated:2017-09-29 13:54
Severity
Summary
Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
Details
i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000223.html",
"dc:date": "2017-09-29T13:54+09:00",
"dcterms:issued": "2017-09-29T13:54+09:00",
"dcterms:modified": "2017-09-29T13:54+09:00",
"description": "i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities. \r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000223.html",
"sec:cpe": {
"#text": "cpe:/a:daj:i-filter_installer",
"@product": "i-filter",
"@vendor": "Digital Arts Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000223",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75929834/index.html",
"@id": "JVN#75929834",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10858",
"@id": "CVE-2017-10858",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10859",
"@id": "CVE-2017-10859",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10860",
"@id": "CVE-2017-10860",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10858",
"@id": "CVE-2017-10858",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10859",
"@id": "CVE-2017-10859",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10860",
"@id": "CVE-2017-10860",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files"
}