Search

Find a vulnerability

Search criteria

    6 vulnerabilities by Extra Innovation Inc.

    CVE-2021-46686 (GCVE-0-2021-46686)

    Vulnerability from nvd – Published: 2025-02-17 23:58 – Updated: 2025-02-18 15:41
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T15:40:35.495948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T15:41:25.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "acmailer CGI",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.4.0.3 and earlier"
                }
              ]
            },
            {
              "product": "acmailer DB",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.1.1.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-17T23:58:10.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://acmailer.jp/info/de.cgi?id=103"
            },
            {
              "url": "https://www.acmailer.jp/info/de.cgi?id=102"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN96957439/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-46686",
        "datePublished": "2025-02-17T23:58:10.727Z",
        "dateReserved": "2025-02-12T07:20:49.360Z",
        "dateUpdated": "2025-02-18T15:41:25.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49780 (GCVE-0-2023-49780)

    Vulnerability from nvd – Published: 2025-02-12 07:42 – Updated: 2025-02-18 17:39
    VLAI
    Summary
    Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Extra Innovation Inc. acmailer CGI Affected: ver.4.0.5 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:46:54.875439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:39:45.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "acmailer CGI",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.4.0.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-12T07:42:56.826Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://acmailer.jp/info/de.cgi?id=113"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN84319378/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49780",
        "datePublished": "2025-02-12T07:42:56.826Z",
        "dateReserved": "2025-02-07T06:34:04.219Z",
        "dateUpdated": "2025-02-18T17:39:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-46686 (GCVE-0-2021-46686)

    Vulnerability from cvelistv5 – Published: 2025-02-17 23:58 – Updated: 2025-02-18 15:41
    VLAI
    Summary
    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-46686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T15:40:35.495948Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T15:41:25.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "acmailer CGI",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.4.0.3 and earlier"
                }
              ]
            },
            {
              "product": "acmailer DB",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.1.1.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-17T23:58:10.727Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://acmailer.jp/info/de.cgi?id=103"
            },
            {
              "url": "https://www.acmailer.jp/info/de.cgi?id=102"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN96957439/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-46686",
        "datePublished": "2025-02-17T23:58:10.727Z",
        "dateReserved": "2025-02-12T07:20:49.360Z",
        "dateUpdated": "2025-02-18T15:41:25.766Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49780 (GCVE-0-2023-49780)

    Vulnerability from cvelistv5 – Published: 2025-02-12 07:42 – Updated: 2025-02-18 17:39
    VLAI
    Summary
    Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Extra Innovation Inc. acmailer CGI Affected: ver.4.0.5 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:46:54.875439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:39:45.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "acmailer CGI",
              "vendor": "Extra Innovation Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "ver.4.0.5 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-12T07:42:56.826Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://acmailer.jp/info/de.cgi?id=113"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN84319378/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49780",
        "datePublished": "2025-02-12T07:42:56.826Z",
        "dateReserved": "2025-02-07T06:34:04.219Z",
        "dateUpdated": "2025-02-18T17:39:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000013

    Vulnerability from jvndb - Published: 2025-02-14 16:39 - Updated:2025-02-14 16:39
    Severity
    Summary
    acmailer CGI and acmailer DB vulnerable to OS command injection
    Details
    acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability (CWE-78). Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the Information Security Early Warning Partnership. JPCERT/CC Addendum The version fixing this vulnerability has been released on 2021. This JVN is published responding to the developer's notification to JPCERT/CC on 2025 about the vulnerability and the product update information.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000013.html",
      "dc:date": "2025-02-14T16:39+09:00",
      "dcterms:issued": "2025-02-14T16:39+09:00",
      "dcterms:modified": "2025-02-14T16:39+09:00",
      "description": "acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability (CWE-78).\r\n\r\nExtra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the Information Security Early Warning Partnership.\r\n\r\n\u003cb\u003eJPCERT/CC Addendum\u003c/b\u003e\r\nThe version fixing this vulnerability has been released on 2021.\r\nThis JVN is published responding to the developer\u0027s notification to JPCERT/CC on 2025 about the vulnerability and the product update information.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000013.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:extrainnovation_acmailer",
        "@product": "acmailer",
        "@vendor": "Extra Innovation Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000013",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN96957439/index.html",
          "@id": "JVN#96957439",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2021-46686",
          "@id": "CVE-2021-46686",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "acmailer CGI and acmailer DB vulnerable to OS command injection"
    }

    JVNDB-2025-000010

    Vulnerability from jvndb - Published: 2025-02-12 15:05 - Updated:2025-02-12 15:05
    Severity
    Summary
    acmailer vulnerable to cross-site scripting
    Details
    acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability (CWE-79). This vulnerability was reported to IPA, and JPCERT/CC started coordination with the developer in 2023. The developer released the fixed version on 2023. The coordination between JPCERT/CC and the developer completed and this JVN is published on 2025. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000010.html",
      "dc:date": "2025-02-12T15:05+09:00",
      "dcterms:issued": "2025-02-12T15:05+09:00",
      "dcterms:modified": "2025-02-12T15:05+09:00",
      "description": "acmailer provided by Extra Innovation Inc. contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nThis vulnerability was reported to IPA, and JPCERT/CC started coordination with the developer in 2023.\r\nThe developer released the fixed version on 2023.\r\nThe coordination between JPCERT/CC and the developer completed and this JVN is published on 2025.\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000010.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:extrainnovation_acmailer",
        "@product": "acmailer",
        "@vendor": "Extra Innovation Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.1",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000010",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN84319378/index.html",
          "@id": "JVN#84319378",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49780",
          "@id": "CVE-2023-49780",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "acmailer vulnerable to cross-site scripting"
    }