Search
Find a vulnerability
Search criteria
11 vulnerabilities by FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)
JVNDB-2026-000011
Vulnerability from jvndb - Published: 2026-01-27 18:22 - Updated:2026-01-27 18:22
Severity
Summary
beat-access for Windows may insecurely load Dynamic Link Libraries
Details
beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries.
- Uncontrolled search path element (CWE-427) - CVE-2026-21408
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000011.html",
"dc:date": "2026-01-27T18:22+09:00",
"dcterms:issued": "2026-01-27T18:22+09:00",
"dcterms:modified": "2026-01-27T18:22+09:00",
"description": "beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries.\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-21408\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000011.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:beat-access",
"@product": "beat-access",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000011",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN03776126/index.html",
"@id": "JVN#03776126",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-21408",
"@id": "CVE-2026-21408",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "beat-access for Windows may insecurely load Dynamic Link Libraries"
}
JVNDB-2025-010603
Vulnerability from jvndb - Published: 2025-08-05 11:29 - Updated:2025-08-05 11:29
Severity
Summary
Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain the following vulnerability.
- Out-of-bounds Write (CWE-787) - CVE-2025-48499
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010603.html",
"dc:date": "2025-08-05T11:29+09:00",
"dcterms:issued": "2025-08-05T11:29+09:00",
"dcterms:modified": "2025-08-05T11:29+09:00",
"description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eOut-of-bounds Write (CWE-787) - CVE-2025-48499\u003c/li\u003e\u003c/ul\u003e\r\nJia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan of School of Cyber Science and Technology of Beihang University reported this vulnerability to FUJIFILM Business Innovation Corp. and coordinated. After the coordination was completed, FUJIFILM Business Innovation Corp. reported the case to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010603.html",
"sec:cpe": [
{
"#text": "cpe:/h:fuji_xerox:apeos",
"@product": "Apeos",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/h:fuji_xerox:docuprint",
"@product": "DocuPrint",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-010603",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU93897456/index.html",
"@id": "JVNVU#93897456",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-48499",
"@id": "CVE-2025-48499",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs"
}
JVNDB-2025-001563
Vulnerability from jvndb - Published: 2025-02-18 16:33 - Updated:2025-02-18 16:33
Severity
Summary
Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability (CWE-787, CVE-2024-45320) due to a flaw in verifying the length of data.
Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from School of Cyber Science and Technology of Beihang University directly reported this vulnerability to FUJIFILM Business Innovation Corp.
FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination of this case.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001563.html",
"dc:date": "2025-02-18T16:33+09:00",
"dcterms:issued": "2025-02-18T16:33+09:00",
"dcterms:modified": "2025-02-18T16:33+09:00",
"description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability (CWE-787, CVE-2024-45320) due to a flaw in verifying the length of data.\r\n\r\nJia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from School of Cyber Science and Technology of Beihang University directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination of this case.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001563.html",
"sec:cpe": {
"#text": "cpe:/h:fuji_xerox:docuprint",
"@product": "DocuPrint",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-001563",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96297631/",
"@id": "JVNVU#96297631",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45320",
"@id": "CVE-2024-45320",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/787.html",
"@id": "CWE-787",
"@title": "Out-of-bounds Write(CWE-787)"
}
],
"title": "Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs"
}
JVNDB-2024-000027
Vulnerability from jvndb - Published: 2024-03-06 18:24 - Updated:2024-03-06 18:24
Severity
Summary
FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
Details
Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).
Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
"dc:date": "2024-03-06T18:24+09:00",
"dcterms:issued": "2024-03-06T18:24+09:00",
"dcterms:modified": "2024-03-06T18:24+09:00",
"description": "Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nJunnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34328023/index.html",
"@id": "JVN#34328023",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27974",
"@id": "CVE-2024-27974",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery"
}
JVNDB-2023-004919
Vulnerability from jvndb - Published: 2023-11-02 17:21 - Updated:2024-05-07 15:25
Severity
Summary
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).
Kunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.
FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"dc:date": "2024-05-07T15:25+09:00",
"dcterms:issued": "2023-11-02T17:21+09:00",
"dcterms:modified": "2024-05-07T15:25+09:00",
"description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).\r\n\r\nKunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "Xerox",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-004919",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96482726/",
"@id": "JVNVU#96482726",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1391.html",
"@id": "CWE-1391",
"@title": "Use of Weak Credentials(CWE-1391)"
}
],
"title": "FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength"
}
JVNDB-2023-000012
Vulnerability from jvndb - Published: 2023-01-31 14:14 - Updated:2024-06-12 11:07
Severity
Summary
Vulnerability in Driver Distributor where passwords are stored in a recoverable format
Details
Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format (CWE-257).
Sato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000012.html",
"dc:date": "2024-06-12T11:07+09:00",
"dcterms:issued": "2023-01-31T14:14+09:00",
"dcterms:modified": "2024-06-12T11:07+09:00",
"description": "Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format (CWE-257).\r\n\r\nSato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000012.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:driver_distributor",
"@product": "Driver Distribution Tool",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "6.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000012",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN22830348/index.html",
"@id": "JVN#22830348",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43460",
"@id": "CVE-2022-43460",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43460",
"@id": "CVE-2022-43460",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Vulnerability in Driver Distributor where passwords are stored in a recoverable format"
}
JVNDB-2021-000026
Vulnerability from jvndb - Published: 2021-03-19 15:32 - Updated:2021-04-12 13:30
Severity
Summary
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
Details
Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.
Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
"dc:date": "2021-04-12T13:30+09:00",
"dcterms:issued": "2021-03-19T15:32+09:00",
"dcterms:modified": "2021-04-12T13:30+09:00",
"description": "Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.\r\n\r\nMasahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000026",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37607293/index.html",
"@id": "JVN#37607293",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20679",
"@id": "CVE-2021-20679",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20679",
"@id": "CVE-2021-20679",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)"
}
JVNDB-2020-000008
Vulnerability from jvndb - Published: 2020-01-31 12:30 - Updated:2021-04-12 13:30
Severity
Summary
AWMS Mobile App vulnerable to improper server certificate verification
Details
AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295).
Dai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000008.html",
"dc:date": "2021-04-12T13:30+09:00",
"dcterms:issued": "2020-01-31T12:30+09:00",
"dcterms:modified": "2021-04-12T13:30+09:00",
"description": "AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295).\r\n\r\nDai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000008.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:awms_mobile",
"@product": "AWMS Mobile",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000008",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN00014057/index.html",
"@id": "JVN#00014057",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5526",
"@id": "CVE-2020-5526",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5526",
"@id": "CVE-2020-5526",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "AWMS Mobile App vulnerable to improper server certificate verification"
}
JVNDB-2020-000006
Vulnerability from jvndb - Published: 2020-01-21 13:55 - Updated:2020-01-21 13:55
Severity
Summary
Multiple Fuji Xerox mobile applications fails to verify SSL server certificates
Details
Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295).
Hirotaka Niisato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000006.html",
"dc:date": "2020-01-21T13:55+09:00",
"dcterms:issued": "2020-01-21T13:55+09:00",
"dcterms:modified": "2020-01-21T13:55+09:00",
"description": "Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295).\r\n\r\nHirotaka Niisato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000006.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:easy_netprint",
"@product": "Easy netprint",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:fuji_xerox:netprint",
"@product": "netprint",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000006",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN66435380/index.html",
"@id": "JVN#66435380",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5520",
"@id": "CVE-2020-5520",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5521",
"@id": "CVE-2020-5521",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5522",
"@id": "CVE-2020-5522",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5520",
"@id": "CVE-2020-5520",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5521",
"@id": "CVE-2020-5521",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5522",
"@id": "CVE-2020-5522",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple Fuji Xerox mobile applications fails to verify SSL server certificates"
}
JVNDB-2019-000052
Vulnerability from jvndb - Published: 2019-08-15 14:29 - Updated:2021-04-12 13:30
Severity
Summary
ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability
Details
ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution.
These software products contain an open redirect vulnerability (CWE-601).
KOBAYASHI Haruki of Cryptography Laboratory, Department of Information and Communication Engineering, Graduate School of Tokyo Denki University and NAKAMURA Dai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000052.html",
"dc:date": "2021-04-12T13:30+09:00",
"dcterms:issued": "2019-08-15T14:29+09:00",
"dcterms:modified": "2021-04-12T13:30+09:00",
"description": "ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution.\r\nThese software products contain an open redirect vulnerability (CWE-601).\r\n\r\nKOBAYASHI Haruki of Cryptography Laboratory, Department of Information and Communication Engineering, Graduate School of Tokyo Denki University and NAKAMURA Dai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000052.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:apeosware_management_suite",
"@product": "ApeosWare Management Suite",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:fuji_xerox:apeosware_management_suite_2",
"@product": "ApeosWare Management Suite 2",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000052",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN07679150/index.html",
"@id": "JVN#07679150",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6004",
"@id": "CVE-2019-6004",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6004",
"@id": "CVE-2019-6004",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability"
}
JVNDB-2017-000219
Vulnerability from jvndb - Published: 2017-08-31 16:35 - Updated:2021-04-12 13:30
Severity
Summary
Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries
Details
Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
"dc:date": "2021-04-12T13:30+09:00",
"dcterms:issued": "2017-08-31T16:35+09:00",
"dcterms:modified": "2021-04-12T13:30+09:00",
"description": "Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:contentsbridge_utility",
"@product": "ContentsBridge Utility",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:fuji_xerox:docuworks",
"@product": "DocuWorks",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:fuji_xerox:docuworks_viewer_light",
"@product": "DocuWorks Viewer Light",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/h:fuji_xerox:apeosport-vi",
"@product": "ApeosPort-VI",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/h:fuji_xerox:docucentre-vi",
"@product": "DocuCentre-VI",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000219",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN09769017/index.html",
"@id": "JVN#09769017",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10848",
"@id": "CVE-2017-10848",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10849",
"@id": "CVE-2017-10849",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10850",
"@id": "CVE-2017-10850",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10851",
"@id": "CVE-2017-10851",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10848",
"@id": "CVE-2017-10848",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10849",
"@id": "CVE-2017-10849",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10850",
"@id": "CVE-2017-10850",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10851",
"@id": "CVE-2017-10851",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries"
}