Search

Find a vulnerability

Search criteria

    11 vulnerabilities by FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)

    JVNDB-2026-000011

    Vulnerability from jvndb - Published: 2026-01-27 18:22 - Updated:2026-01-27 18:22
    Severity
    Summary
    beat-access for Windows may insecurely load Dynamic Link Libraries
    Details
    beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries.
    • Uncontrolled search path element (CWE-427) - CVE-2026-21408
    Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000011.html",
      "dc:date": "2026-01-27T18:22+09:00",
      "dcterms:issued": "2026-01-27T18:22+09:00",
      "dcterms:modified": "2026-01-27T18:22+09:00",
      "description": "beat-access for Windows provided by FUJIFILM Business Innovation Corp. contains the following vulnerability which may lead to insecurely loading Dynamic Link Libraries.\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-21408\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000011.html",
      "sec:cpe": {
        "#text": "cpe:/a:fuji_xerox:beat-access",
        "@product": "beat-access",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.3",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000011",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN03776126/index.html",
          "@id": "JVN#03776126",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-21408",
          "@id": "CVE-2026-21408",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "beat-access for Windows may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2025-010603

    Vulnerability from jvndb - Published: 2025-08-05 11:29 - Updated:2025-08-05 11:29
    Severity
    Summary
    Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs
    Details
    Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain the following vulnerability.
    • Out-of-bounds Write (CWE-787) - CVE-2025-48499
    Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan of School of Cyber Science and Technology of Beihang University reported this vulnerability to FUJIFILM Business Innovation Corp. and coordinated. After the coordination was completed, FUJIFILM Business Innovation Corp. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010603.html",
      "dc:date": "2025-08-05T11:29+09:00",
      "dcterms:issued": "2025-08-05T11:29+09:00",
      "dcterms:modified": "2025-08-05T11:29+09:00",
      "description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eOut-of-bounds Write (CWE-787) - CVE-2025-48499\u003c/li\u003e\u003c/ul\u003e\r\nJia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan of School of Cyber Science and Technology of Beihang University reported this vulnerability to FUJIFILM Business Innovation Corp. and coordinated. After the coordination was completed, FUJIFILM Business Innovation Corp. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010603.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:fuji_xerox:apeos",
          "@product": "Apeos",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:fuji_xerox:docuprint",
          "@product": "DocuPrint",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-010603",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU93897456/index.html",
          "@id": "JVNVU#93897456",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48499",
          "@id": "CVE-2025-48499",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/787.html",
          "@id": "CWE-787",
          "@title": "Out-of-bounds Write(CWE-787)"
        }
      ],
      "title": "Out-of-bounds write vulnerability in FUJIFILM Business Innovation MFPs"
    }

    JVNDB-2025-001563

    Vulnerability from jvndb - Published: 2025-02-18 16:33 - Updated:2025-02-18 16:33
    Severity
    Summary
    Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs
    Details
    Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability (CWE-787, CVE-2024-45320) due to a flaw in verifying the length of data. Jia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from School of Cyber Science and Technology of Beihang University directly reported this vulnerability to FUJIFILM Business Innovation Corp. FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination of this case.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001563.html",
      "dc:date": "2025-02-18T16:33+09:00",
      "dcterms:issued": "2025-02-18T16:33+09:00",
      "dcterms:modified": "2025-02-18T16:33+09:00",
      "description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. contain an out-of-bounds vulnerability (CWE-787, CVE-2024-45320) due to a flaw in verifying the length of data.\r\n\r\nJia-Ju Bai, Rui-Nan Hu, Cheng Li, Dong Zhang, Yu-Chen Sun, Wen-Han Xu, Zhen-Yu Guan, and Jian-Wei Liu from School of Cyber Science and Technology of Beihang University directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination of this case.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-001563.html",
      "sec:cpe": {
        "#text": "cpe:/h:fuji_xerox:docuprint",
        "@product": "DocuPrint",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-001563",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU96297631/",
          "@id": "JVNVU#96297631",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45320",
          "@id": "CVE-2024-45320",
          "@source": "CVE"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/787.html",
          "@id": "CWE-787",
          "@title": "Out-of-bounds Write(CWE-787)"
        }
      ],
      "title": "Out-of-bounds write vulnerability in FUJIFILM Business Innovation Corp. MFPs"
    }

    JVNDB-2024-000027

    Vulnerability from jvndb - Published: 2024-03-06 18:24 - Updated:2024-03-06 18:24
    Severity
    Summary
    FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
    Details
    Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352). Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
      "dc:date": "2024-03-06T18:24+09:00",
      "dcterms:issued": "2024-03-06T18:24+09:00",
      "dcterms:modified": "2024-03-06T18:24+09:00",
      "description": "Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nJunnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
      "sec:cpe": {
        "#text": "cpe:/a:fuji_xerox:multiple_product",
        "@product": "(multiple product)",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000027",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN34328023/index.html",
          "@id": "JVN#34328023",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-27974",
          "@id": "CVE-2024-27974",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery"
    }

    JVNDB-2023-004919

    Vulnerability from jvndb - Published: 2023-11-02 17:21 - Updated:2024-05-07 15:25
    Severity
    Summary
    FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
    Details
    Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391). Kunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp. FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
      "dc:date": "2024-05-07T15:25+09:00",
      "dcterms:issued": "2023-11-02T17:21+09:00",
      "dcterms:modified": "2024-05-07T15:25+09:00",
      "description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).\r\n\r\nKunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fuji_xerox:multiple_product",
          "@product": "(multiple product)",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:xerox:multiple_product",
          "@product": "(multiple product)",
          "@vendor": "Xerox",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.4",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2023-004919",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU96482726/",
          "@id": "JVNVU#96482726",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46327",
          "@id": "CVE-2023-46327",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46327",
          "@id": "CVE-2023-46327",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/1391.html",
          "@id": "CWE-1391",
          "@title": "Use of Weak Credentials(CWE-1391)"
        }
      ],
      "title": "FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength"
    }

    JVNDB-2023-000012

    Vulnerability from jvndb - Published: 2023-01-31 14:14 - Updated:2024-06-12 11:07
    Severity
    Summary
    Vulnerability in Driver Distributor where passwords are stored in a recoverable format
    Details
    Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format (CWE-257). Sato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000012.html",
      "dc:date": "2024-06-12T11:07+09:00",
      "dcterms:issued": "2023-01-31T14:14+09:00",
      "dcterms:modified": "2024-06-12T11:07+09:00",
      "description": "Driver Distributor provided by FUJIFILM Business Innovation Corp. contains a vulnerability where passwords are stored in a recoverable format (CWE-257).\r\n\r\nSato Ryo, Yokoi Hiroshi, and Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000012.html",
      "sec:cpe": {
        "#text": "cpe:/a:fuji_xerox:driver_distributor",
        "@product": "Driver Distribution Tool",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.1",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000012",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN22830348/index.html",
          "@id": "JVN#22830348",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43460",
          "@id": "CVE-2022-43460",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43460",
          "@id": "CVE-2022-43460",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Vulnerability in Driver Distributor where passwords are stored in a recoverable format"
    }

    JVNDB-2021-000026

    Vulnerability from jvndb - Published: 2021-03-19 15:32 - Updated:2021-04-12 13:30
    Severity
    Summary
    Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
    Details
    Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability. Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
      "dc:date": "2021-04-12T13:30+09:00",
      "dcterms:issued": "2021-03-19T15:32+09:00",
      "dcterms:modified": "2021-04-12T13:30+09:00",
      "description": "Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.\r\n\r\nMasahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
      "sec:cpe": {
        "#text": "cpe:/a:fuji_xerox:multiple_product",
        "@product": "(multiple product)",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000026",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN37607293/index.html",
          "@id": "JVN#37607293",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20679",
          "@id": "CVE-2021-20679",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20679",
          "@id": "CVE-2021-20679",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)"
    }

    JVNDB-2020-000008

    Vulnerability from jvndb - Published: 2020-01-31 12:30 - Updated:2021-04-12 13:30
    Severity
    Summary
    AWMS Mobile App vulnerable to improper server certificate verification
    Details
    AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295). Dai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000008.html",
      "dc:date": "2021-04-12T13:30+09:00",
      "dcterms:issued": "2020-01-31T12:30+09:00",
      "dcterms:modified": "2021-04-12T13:30+09:00",
      "description": "AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295).\r\n\r\nDai Nakamura of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000008.html",
      "sec:cpe": {
        "#text": "cpe:/a:fuji_xerox:awms_mobile",
        "@product": "AWMS Mobile",
        "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000008",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN00014057/index.html",
          "@id": "JVN#00014057",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5526",
          "@id": "CVE-2020-5526",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5526",
          "@id": "CVE-2020-5526",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "AWMS Mobile App vulnerable to improper server certificate verification"
    }

    JVNDB-2020-000006

    Vulnerability from jvndb - Published: 2020-01-21 13:55 - Updated:2020-01-21 13:55
    Severity
    Summary
    Multiple Fuji Xerox mobile applications fails to verify SSL server certificates
    Details
    Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295). Hirotaka Niisato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000006.html",
      "dc:date": "2020-01-21T13:55+09:00",
      "dcterms:issued": "2020-01-21T13:55+09:00",
      "dcterms:modified": "2020-01-21T13:55+09:00",
      "description": "Multiple Fuji Xerox mobile applications fail to verify SSL server certificates (CWE-295).\r\n\r\nHirotaka Niisato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000006.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fuji_xerox:easy_netprint",
          "@product": "Easy netprint",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fuji_xerox:netprint",
          "@product": "netprint",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000006",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN66435380/index.html",
          "@id": "JVN#66435380",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5520",
          "@id": "CVE-2020-5520",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5521",
          "@id": "CVE-2020-5521",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5522",
          "@id": "CVE-2020-5522",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5520",
          "@id": "CVE-2020-5520",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5521",
          "@id": "CVE-2020-5521",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5522",
          "@id": "CVE-2020-5522",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple Fuji Xerox mobile applications fails to verify SSL server certificates"
    }

    JVNDB-2019-000052

    Vulnerability from jvndb - Published: 2019-08-15 14:29 - Updated:2021-04-12 13:30
    Severity
    Summary
    ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability
    Details
    ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution. These software products contain an open redirect vulnerability (CWE-601). KOBAYASHI Haruki of Cryptography Laboratory, Department of Information and Communication Engineering, Graduate School of Tokyo Denki University and NAKAMURA Dai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000052.html",
      "dc:date": "2021-04-12T13:30+09:00",
      "dcterms:issued": "2019-08-15T14:29+09:00",
      "dcterms:modified": "2021-04-12T13:30+09:00",
      "description": "ApeosWare Management Suite and ApeosWare Management Suite 2 provided by Fuji Xerox Co.,Ltd. are software products to manage devices and their usages; providing authentication, printing, log accounting, and document distribution.\r\nThese software products contain an open redirect vulnerability (CWE-601).\r\n\r\nKOBAYASHI Haruki of Cryptography Laboratory, Department of Information and Communication Engineering, Graduate School of Tokyo Denki University and NAKAMURA Dai of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000052.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fuji_xerox:apeosware_management_suite",
          "@product": "ApeosWare Management Suite",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fuji_xerox:apeosware_management_suite_2",
          "@product": "ApeosWare Management Suite 2",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2019-000052",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN07679150/index.html",
          "@id": "JVN#07679150",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6004",
          "@id": "CVE-2019-6004",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6004",
          "@id": "CVE-2019-6004",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "ApeosWare Management Suite and ApeosWare Management Suite 2 contain open redirect vulnerability"
    }

    JVNDB-2017-000219

    Vulnerability from jvndb - Published: 2017-08-31 16:35 - Updated:2021-04-12 13:30
    Severity
    Summary
    Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries
    Details
    Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
      "dc:date": "2021-04-12T13:30+09:00",
      "dcterms:issued": "2017-08-31T16:35+09:00",
      "dcterms:modified": "2021-04-12T13:30+09:00",
      "description": "Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000219.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:fuji_xerox:contentsbridge_utility",
          "@product": "ContentsBridge Utility",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fuji_xerox:docuworks",
          "@product": "DocuWorks",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:fuji_xerox:docuworks_viewer_light",
          "@product": "DocuWorks Viewer Light",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:fuji_xerox:apeosport-vi",
          "@product": "ApeosPort-VI",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:fuji_xerox:docucentre-vi",
          "@product": "DocuCentre-VI",
          "@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000219",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN09769017/index.html",
          "@id": "JVN#09769017",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10848",
          "@id": "CVE-2017-10848",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10849",
          "@id": "CVE-2017-10849",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10850",
          "@id": "CVE-2017-10850",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10851",
          "@id": "CVE-2017-10851",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10848",
          "@id": "CVE-2017-10848",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10849",
          "@id": "CVE-2017-10849",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10850",
          "@id": "CVE-2017-10850",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10851",
          "@id": "CVE-2017-10851",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries"
    }