Search
Find a vulnerability
Search criteria
16 vulnerabilities by Hammock Corporation
CVE-2025-27244 (GCVE-0-2025-27244)
Vulnerability from nvd – Published: 2025-04-02 03:21 – Updated: 2025-04-02 15:41
VLAI
Summary
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of sensitive information into sent data
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.3.4.3004 (13.3.4K)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:30:04.477226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:41:04.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of sensitive information into sent data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:21:11.828Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27244",
"datePublished": "2025-04-02T03:21:11.828Z",
"dateReserved": "2025-03-07T06:04:10.352Z",
"dateUpdated": "2025-04-02T15:41:04.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25060 (GCVE-0-2025-25060)
Vulnerability from nvd – Published: 2025-04-02 03:20 – Updated: 2025-04-02 16:04
VLAI
Summary
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.3.4.3004 (13.3.4K)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:44:53.916896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:04:49.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:20:54.826Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25060",
"datePublished": "2025-04-02T03:20:54.826Z",
"dateReserved": "2025-03-07T06:04:12.829Z",
"dateUpdated": "2025-04-02T16:04:49.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from nvd – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28719 (GCVE-0-2022-28719)
Vulnerability from nvd – Published: 2022-04-28 08:25 – Updated: 2024-08-03 06:03
VLAI
Summary
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
Severity
No CVSS data available.
CWE
- Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/220422.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54857505/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver.13.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver.13.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T08:25:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView",
"version": {
"version_data": [
{
"version_value": "prior to Ver.13.2.0"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/220422.html",
"refsource": "MISC",
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54857505/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28719",
"datePublished": "2022-04-28T08:25:12.000Z",
"dateReserved": "2022-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:03:52.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2241 (GCVE-0-2017-2241)
Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2241",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2240 (GCVE-0-2017-2240)
Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2240",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27244 (GCVE-0-2025-27244)
Vulnerability from cvelistv5 – Published: 2025-04-02 03:21 – Updated: 2025-04-02 15:41
VLAI
Summary
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of sensitive information into sent data
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.3.4.3004 (13.3.4K)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:30:04.477226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:41:04.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of sensitive information into sent data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:21:11.828Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-27244",
"datePublished": "2025-04-02T03:21:11.828Z",
"dateReserved": "2025-03-07T06:04:10.352Z",
"dateUpdated": "2025-04-02T15:41:04.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25060 (GCVE-0-2025-25060)
Vulnerability from cvelistv5 – Published: 2025-04-02 03:20 – Updated: 2025-04-02 16:04
VLAI
Summary
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
2 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.2.4.3408 (13.2.4O)
|
|
| Hammock Corporation | AssetView CLOUD |
Affected:
prior to Ver 13.3.4.3004 (13.3.4K)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:44:53.916896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T16:04:49.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.2.4.3408 (13.2.4O)"
}
]
},
{
"product": "AssetView CLOUD",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver 13.3.4.3004 (13.3.4K)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing authentication for critical function",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T03:20:54.826Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.hammock.jp/assetview/info/250325.html"
},
{
"url": "https://jvn.jp/en/jp/JVN26321838/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-25060",
"datePublished": "2025-04-02T03:20:54.826Z",
"dateReserved": "2025-03-07T06:04:12.829Z",
"dateUpdated": "2025-04-02T16:04:49.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28719 (GCVE-0-2022-28719)
Vulnerability from cvelistv5 – Published: 2022-04-28 08:25 – Updated: 2024-08-03 06:03
VLAI
Summary
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
Severity
No CVSS data available.
CWE
- Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/220422.html | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN54857505/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView |
Affected:
prior to Ver.13.2.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:03:52.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "prior to Ver.13.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T08:25:12.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-28719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView",
"version": {
"version_data": [
{
"version_value": "prior to Ver.13.2.0"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/220422.html",
"refsource": "MISC",
"url": "https://www.hammock.jp/assetview/info/220422.html"
},
{
"name": "https://jvn.jp/en/jp/JVN54857505/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54857505/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-28719",
"datePublished": "2022-04-28T08:25:12.000Z",
"dateReserved": "2022-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:03:52.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2241 (GCVE-0-2017-2241)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2241",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2240 (GCVE-0-2017-2240)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.hammock.jp/assetview/info/170714.html | x_refsource_CONFIRM |
| http://jvn.jp/en/vu/JVNVU93377948/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hammock Corporation | AssetView for MacOS |
Affected:
Ver.9.2.0 and earlier versions
|
Date Public
2017-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AssetView for MacOS",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.9.2.0 and earlier versions"
}
]
}
],
"datePublic": "2017-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AssetView for MacOS",
"version": {
"version_data": [
{
"version_value": "Ver.9.2.0 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Hammock Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.hammock.jp/assetview/info/170714.html",
"refsource": "CONFIRM",
"url": "https://www.hammock.jp/assetview/info/170714.html"
},
{
"name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2240",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000019
Vulnerability from jvndb - Published: 2025-03-25 17:10 - Updated:2025-03-25 17:10
Severity
Summary
Multiple vulnerabilities in AssetView
Details
AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.
- Missing authentication for critical function (CWE-306) - CVE-2025-25060
- Acquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html",
"dc:date": "2025-03-25T17:10+09:00",
"dcterms:issued": "2025-03-25T17:10+09:00",
"dcterms:modified": "2025-03-25T17:10+09:00",
"description": "AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.\r\n\u003cUL\u003e\r\n\u003cLI\u003eMissing authentication for critical function (CWE-306) - CVE-2025-25060\u003c/br\u003e\r\n\u003cLI\u003eAcquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244\r\n\u003c/UL\u003e\r\n\u003c/UL\u003e\r\nTakao Kondo of VeriServe Corporation reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html",
"sec:cpe": {
"#text": "cpe:/a:hammock:assetview",
"@product": "AssetView",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000019",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN26321838/index.html",
"@id": "JVN#26321838",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-25060",
"@id": "CVE-2025-25060",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-27244",
"@id": "CVE-2025-27244",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in AssetView"
}
JVNDB-2024-000095
Vulnerability from jvndb - Published: 2024-09-09 16:40 - Updated:2024-09-09 16:40
Severity
Summary
Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Details
Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).
Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"dc:date": "2024-09-09T16:40+09:00",
"dcterms:issued": "2024-09-09T16:40+09:00",
"dcterms:modified": "2024-09-09T16:40+09:00",
"description": "Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"sec:cpe": [
{
"#text": "cpe:/a:hammock:assetview_f",
"@product": "AssetView F",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_cats",
"@product": "InterSafe CATS",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_gatewayconnection",
"@product": "InterSafe GatewayConnection",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_logdirector",
"@product": "InterSafe LogDirector",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_lognavigator",
"@product": "InterSafe LogNavigator",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_mobilesecurity",
"@product": "InterSafe MobileSecurity",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_webfilter",
"@product": "InterSafe WebFilter",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_bizbrower",
"@product": "SPPM BizBrowser",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_secure_filtering",
"@product": "SPPM Secure Filtering",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:jmas_kaito_secure_browser",
"@product": "KAITO Secure Browser",
"@vendor": "JMA Systems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:mjs_mjs_web_filtering",
"@product": "MJS Web Filtering",
"@vendor": "MIROKU JYOHO SERVICE CO., LTD. (MJS)",
"@version": "2.2"
},
{
"#text": "cpe:/a:motex:lanscope_endpoint_manager_web_filtering",
"@product": "LANSCOPE Endpoint Manager Web Filtering",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:qualitysoft:url_filtering",
"@product": "URL Filtering",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_webmanager",
"@product": "InterScan WebManager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN05579230/index.html",
"@id": "JVN#05579230",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45504",
"@id": "CVE-2024-45504",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery"
}
JVNDB-2022-000027
Vulnerability from jvndb - Published: 2022-04-22 13:53 - Updated:2024-06-20 12:15
Severity
Summary
Hammock AssetView missing authentication for critical functions
Details
AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server.
Denis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html",
"dc:date": "2024-06-20T12:15+09:00",
"dcterms:issued": "2022-04-22T13:53+09:00",
"dcterms:modified": "2024-06-20T12:15+09:00",
"description": "AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server.\r\n\r\nDenis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html",
"sec:cpe": {
"#text": "cpe:/a:hammock:assetview",
"@product": "AssetView",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.0",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54857505/index.html",
"@id": "JVN#54857505",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-28719",
"@id": "CVE-2022-28719",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28719",
"@id": "CVE-2022-28719",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Hammock AssetView missing authentication for critical functions"
}
JVNDB-2017-010584
Vulnerability from jvndb - Published: 2018-01-12 15:32 - Updated:2018-01-12 15:32
Severity
Summary
AssetView and AssetView PLATINUM contain multiple vulnerabilities
Details
AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.
* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866
* Improper Input Validation (CWE-20) - CVE-2017-10867
Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html",
"dc:date": "2018-01-12T15:32+09:00",
"dcterms:issued": "2018-01-12T15:32+09:00",
"dcterms:modified": "2018-01-12T15:32+09:00",
"description": "AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.\r\n\r\n* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866\r\n* Improper Input Validation (CWE-20) - CVE-2017-10867\r\n\r\nMuneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html",
"sec:cpe": {
"#text": "cpe:/a:hammock:assetview",
"@product": "AssetView",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-010584",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU91625548/",
"@id": "JVNVU#91625548",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10866",
"@id": "CVE-2017-10866",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10867",
"@id": "CVE-2017-10867",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/321.html",
"@id": "CWE-321",
"@title": "Use of Hard-coded Cryptographic Key(CWE-321)"
}
],
"title": "AssetView and AssetView PLATINUM contain multiple vulnerabilities"
}