Search
Find a vulnerability
Search criteria
12 vulnerabilities by FUJIFILM Business Innovation Corp.
CVE-2026-21408 (GCVE-0-2026-21408)
Vulnerability from nvd – Published: 2026-01-27 05:08 – Updated: 2026-01-27 20:50
VLAI
Summary
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | beat-access for Windows |
Affected:
version 3.0.3 and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T20:50:01.275607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:50:14.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "beat-access for Windows",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "version 3.0.3 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T05:08:20.229Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2026/0127_announce.html"
},
{
"url": "https://jvn.jp/en/jp/JVN03776126/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21408",
"datePublished": "2026-01-27T05:08:20.229Z",
"dateReserved": "2026-01-19T06:37:18.443Z",
"dateUpdated": "2026-01-27T20:50:14.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48499 (GCVE-0-2025-48499)
Vulnerability from nvd – Published: 2025-08-04 05:17 – Updated: 2025-08-07 16:05
VLAI
Summary
Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
Impacted products
14 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:39:52.400612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T16:05:44.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocuPrint CP225 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.23.02 and earlier"
}
]
},
{
"product": "DocuPrint CP228 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.23.02 and earlier"
}
]
},
{
"product": "DocuPrint CP115 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP118 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP116 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP119 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CM225 fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.12.02 and earlier"
}
]
},
{
"product": "DocuPrint CM228 fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.12.02 and earlier"
}
]
},
{
"product": "DocuPrint CM115 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.01 and earlier"
}
]
},
{
"product": "DocuPrint CM118 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.01 and earlier"
}
]
},
{
"product": "Apoes 2150 N",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2350 NDA",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2150 ND",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2150 NDA",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T05:17:01.537Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93897456/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-48499",
"datePublished": "2025-08-04T05:17:01.537Z",
"dateReserved": "2025-07-14T05:09:53.900Z",
"dateUpdated": "2025-08-07T16:05:44.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45320 (GCVE-0-2024-45320)
Vulnerability from nvd – Published: 2025-02-18 05:20 – Updated: 2025-02-18 14:58
VLAI
Summary
Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | DocuPrint CP225w |
Affected:
01.22.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CP228w |
Affected:
01.22.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CM225fw |
Affected:
01.10.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CM228fw |
Affected:
01.10.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T14:58:39.290272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T14:58:44.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocuPrint CP225w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.22.01 and earlier"
}
]
},
{
"product": "DocuPrint CP228w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.22.01 and earlier"
}
]
},
{
"product": "DocuPrint CM225fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.10.01 and earlier"
}
]
},
{
"product": "DocuPrint CM228fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.10.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T05:20:23.570Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0217_announce.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96297631/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45320",
"datePublished": "2025-02-18T05:20:23.570Z",
"dateReserved": "2024-08-27T01:52:28.658Z",
"dateUpdated": "2025-02-18T14:58:44.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22475 (GCVE-0-2024-22475)
Vulnerability from nvd – Published: 2024-03-18 08:03 – Updated: 2024-10-27 21:26
VLAI
Summary
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
6 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| FUJIFILM Business Innovation Corp. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| Toshiba Tec Corporation | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| RICOH COMPANY, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:18:38.595032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:26:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:09.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:03:36.146Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22475",
"datePublished": "2024-03-18T08:03:36.146Z",
"dateReserved": "2024-02-09T04:42:38.473Z",
"dateUpdated": "2024-10-27T21:26:34.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21824 (GCVE-0-2024-21824)
Vulnerability from nvd – Published: 2024-03-18 08:01 – Updated: 2024-11-07 15:26
VLAI
Summary
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper authentication
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
6 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| FUJIFILM Business Innovation Corp. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| Toshiba Tec Corporation | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| RICOH COMPANY, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:20:15.364083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:26:23.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:01:57.734Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21824",
"datePublished": "2024-03-18T08:01:57.734Z",
"dateReserved": "2024-02-09T04:42:37.389Z",
"dateUpdated": "2024-11-07T15:26:23.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43460 (GCVE-0-2022-43460)
Vulnerability from nvd – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:34
VLAI
Summary
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Storing passwords in a recoverable format
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | Driver Distributor |
Affected:
v2.2.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22830348/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:33:49.667259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:34:23.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Driver Distributor",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "v2.2.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator\u0027s credentials may be decrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Storing passwords in a recoverable format",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html"
},
{
"url": "https://jvn.jp/en/jp/JVN22830348/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43460",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:34:23.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-21408 (GCVE-0-2026-21408)
Vulnerability from cvelistv5 – Published: 2026-01-27 05:08 – Updated: 2026-01-27 20:50
VLAI
Summary
beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | beat-access for Windows |
Affected:
version 3.0.3 and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T20:50:01.275607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:50:14.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "beat-access for Windows",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "version 3.0.3 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "beat-access for Windows version 3.0.3 and prior contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with SYSTEM privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T05:08:20.229Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2026/0127_announce.html"
},
{
"url": "https://jvn.jp/en/jp/JVN03776126/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21408",
"datePublished": "2026-01-27T05:08:20.229Z",
"dateReserved": "2026-01-19T06:37:18.443Z",
"dateUpdated": "2026-01-27T20:50:14.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48499 (GCVE-0-2025-48499)
Vulnerability from cvelistv5 – Published: 2025-08-04 05:17 – Updated: 2025-08-07 16:05
VLAI
Summary
Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
2 references
Impacted products
14 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T16:39:52.400612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T16:05:44.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocuPrint CP225 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.23.02 and earlier"
}
]
},
{
"product": "DocuPrint CP228 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.23.02 and earlier"
}
]
},
{
"product": "DocuPrint CP115 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP118 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP116 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CP119 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.00 and earlier"
}
]
},
{
"product": "DocuPrint CM225 fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.12.02 and earlier"
}
]
},
{
"product": "DocuPrint CM228 fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.12.02 and earlier"
}
]
},
{
"product": "DocuPrint CM115 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.01 and earlier"
}
]
},
{
"product": "DocuPrint CM118 w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.09.01 and earlier"
}
]
},
{
"product": "Apoes 2150 N",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2350 NDA",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2150 ND",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
},
{
"product": "Apoes 2150 NDA",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.00.47 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T05:17:01.537Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93897456/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-48499",
"datePublished": "2025-08-04T05:17:01.537Z",
"dateReserved": "2025-07-14T05:09:53.900Z",
"dateUpdated": "2025-08-07T16:05:44.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45320 (GCVE-0-2024-45320)
Vulnerability from cvelistv5 – Published: 2025-02-18 05:20 – Updated: 2025-02-18 14:58
VLAI
Summary
Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds write
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | DocuPrint CP225w |
Affected:
01.22.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CP228w |
Affected:
01.22.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CM225fw |
Affected:
01.10.01 and earlier
|
|
| FUJIFILM Business Innovation Corp. | DocuPrint CM228fw |
Affected:
01.10.01 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T14:58:39.290272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T14:58:44.985Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DocuPrint CP225w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.22.01 and earlier"
}
]
},
{
"product": "DocuPrint CP228w",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.22.01 and earlier"
}
]
},
{
"product": "DocuPrint CM225fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.10.01 and earlier"
}
]
},
{
"product": "DocuPrint CM228fw",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "01.10.01 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write vulnerability exists in DocuPrint CP225w 01.22.01 and earlier, DocuPrint CP228w 01.22.01 and earlier, DocuPrint CM225fw 01.10.01 and earlier, and DocuPrint CM228fw 01.10.01 and earlier. If an affected MFP processes a specially crafted printer job file, a denial-of-service (DoS) condition may occur."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds write",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T05:20:23.570Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0217_announce.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU96297631/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45320",
"datePublished": "2025-02-18T05:20:23.570Z",
"dateReserved": "2024-08-27T01:52:28.658Z",
"dateUpdated": "2025-02-18T14:58:44.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22475 (GCVE-0-2024-22475)
Vulnerability from cvelistv5 – Published: 2024-03-18 08:03 – Updated: 2024-10-27 21:26
VLAI
Summary
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
6 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| FUJIFILM Business Innovation Corp. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| Toshiba Tec Corporation | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| RICOH COMPANY, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:18:38.595032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:26:34.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:09.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:03:36.146Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22475",
"datePublished": "2024-03-18T08:03:36.146Z",
"dateReserved": "2024-02-09T04:42:38.473Z",
"dateUpdated": "2024-10-27T21:26:34.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21824 (GCVE-0-2024-21824)
Vulnerability from cvelistv5 – Published: 2024-03-18 08:01 – Updated: 2024-11-07 15:26
VLAI
Summary
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Improper authentication
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
6 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| BROTHER INDUSTRIES, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| FUJIFILM Business Innovation Corp. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| Toshiba Tec Corporation | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
|
| RICOH COMPANY, LTD. | Multiple printers and scanners |
Affected:
see the information provided by the vendor
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-21824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T18:20:15.364083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:26:23.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple printers and scanners",
"vendor": "BROTHER INDUSTRIES, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "Toshiba Tec Corporation",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
},
{
"product": "Multiple printers and scanners",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "see the information provided by the vendor"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-18T08:01:57.734Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
},
{
"url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
},
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
},
{
"url": "https://www.toshibatec.com/information/20240306_01.html"
},
{
"url": "https://jvn.jp/en/jp/JVN82749078/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21824",
"datePublished": "2024-03-18T08:01:57.734Z",
"dateReserved": "2024-02-09T04:42:37.389Z",
"dateUpdated": "2024-11-07T15:26:23.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43460 (GCVE-0-2022-43460)
Vulnerability from cvelistv5 – Published: 2023-02-13 00:00 – Updated: 2025-03-21 18:34
VLAI
Summary
Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Storing passwords in a recoverable format
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FUJIFILM Business Innovation Corp. | Driver Distributor |
Affected:
v2.2.3.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:58.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN22830348/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T18:33:49.667259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T18:34:23.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Driver Distributor",
"vendor": "FUJIFILM Business Innovation Corp.",
"versions": [
{
"status": "affected",
"version": "v2.2.3.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator\u0027s credentials may be decrypted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Storing passwords in a recoverable format",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-13T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2023/0131_announce.html"
},
{
"url": "https://jvn.jp/en/jp/JVN22830348/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-43460",
"datePublished": "2023-02-13T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-03-21T18:34:23.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}