Search

Find a vulnerability

Search criteria

    16 vulnerabilities by Hammock Corporation

    CVE-2025-27244 (GCVE-0-2025-27244)

    Vulnerability from nvd – Published: 2025-04-02 03:21 – Updated: 2025-04-02 15:41
    VLAI
    Summary
    AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of sensitive information into sent data
    Assigner
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.3.4.3004 (13.3.4K)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:30:04.477226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:41:04.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.3.4.3004 (13.3.4K)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Insertion of sensitive information into sent data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T03:21:11.828Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.hammock.jp/assetview/info/250325.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26321838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27244",
        "datePublished": "2025-04-02T03:21:11.828Z",
        "dateReserved": "2025-03-07T06:04:10.352Z",
        "dateUpdated": "2025-04-02T15:41:04.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25060 (GCVE-0-2025-25060)

    Vulnerability from nvd – Published: 2025-04-02 03:20 – Updated: 2025-04-02 16:04
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.3.4.3004 (13.3.4K)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:44:53.916896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T16:04:49.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.3.4.3004 (13.3.4K)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T03:20:54.826Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.hammock.jp/assetview/info/250325.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26321838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25060",
        "datePublished": "2025-04-02T03:20:54.826Z",
        "dateReserved": "2025-03-07T06:04:12.829Z",
        "dateUpdated": "2025-04-02T16:04:49.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45504 (GCVE-0-2024-45504)

    Vulnerability from nvd – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site request forgery (CSRF)
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Alps System Integration Co., Ltd. InterSafe WebFilter Affected: prior to V9.1SP4 Build1653
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe LogDirector Affected: versions before the replacement file released on 2024 September 9
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe GatewayConnection Affected: versions before 2024 July 20 maintenance
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe LogNavigator Affected: prior to Ver.1.1.1
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe CATS Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe MobileSecurity Affected: versions before 2024 August 31 maintenance
    Create a notification for this product.
    Trend Micro Incorporated InterScan WebManager Affected: 9.0
    Affected: 9.0 Service Pack 1
    Affected: 9.1
    Affected: 9.1 Service Pack 1
    Affected: 9.1 Service Pack 2
    Affected: 9.1 Service Pack 3
    Affected: and 9.1 Service Pack 4
    Create a notification for this product.
    MIROKU JYOHO SERVICE CO., LTD. MJS WebFiltering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Hammock Corporation AssetView F Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    MOTEX Inc. LANSCOPE EndpointManager WebFiltering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    AXSEED,Inc. SPPM BizBrowser Affected: versions before 2024 June 18 maintenance
    Create a notification for this product.
    AXSEED,Inc. SPPM Secure Filtering Affected: versions before 2024 July 20 maintenance
    Create a notification for this product.
    QualitySoft Corporation URL Filtering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    JMA Systems Corporation KAITO SecureBrowser Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:45:48.117386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:53:34.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "InterSafe WebFilter",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to V9.1SP4 Build1653"
                }
              ]
            },
            {
              "product": "InterSafe LogDirector",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before the replacement file released on 2024 September 9"
                }
              ]
            },
            {
              "product": "InterSafe GatewayConnection",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 20 maintenance"
                }
              ]
            },
            {
              "product": "InterSafe LogNavigator",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver.1.1.1"
                }
              ]
            },
            {
              "product": "InterSafe CATS",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "InterSafe MobileSecurity",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 August 31 maintenance"
                }
              ]
            },
            {
              "product": "InterScan WebManager",
              "vendor": "Trend Micro Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "9.0 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "and 9.1 Service Pack 4"
                }
              ]
            },
            {
              "product": "MJS WebFiltering",
              "vendor": "MIROKU JYOHO SERVICE CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "AssetView F",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "LANSCOPE EndpointManager WebFiltering",
              "vendor": "MOTEX Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "SPPM BizBrowser",
              "vendor": "AXSEED,Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 June 18 maintenance"
                }
              ]
            },
            {
              "product": "SPPM Secure Filtering",
              "vendor": "AXSEED,Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 20 maintenance"
                }
              ]
            },
            {
              "product": "URL Filtering",
              "vendor": "QualitySoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "KAITO SecureBrowser",
              "vendor": "JMA Systems Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T04:35:19.457Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
            },
            {
              "url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
            },
            {
              "url": "https://www.motex.co.jp/news/notice/2024/release240909/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05579230/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-45504",
        "datePublished": "2024-09-10T04:35:19.457Z",
        "dateReserved": "2024-08-30T14:44:59.684Z",
        "dateUpdated": "2024-11-04T20:53:34.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28719 (GCVE-0-2022-28719)

    Vulnerability from nvd – Published: 2022-04-28 08:25 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver.13.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/220422.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver.13.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T08:25:12.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.hammock.jp/assetview/info/220422.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28719",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to Ver.13.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/220422.html",
                  "refsource": "MISC",
                  "url": "https://www.hammock.jp/assetview/info/220422.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN54857505/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28719",
        "datePublished": "2022-04-28T08:25:12.000Z",
        "dateReserved": "2022-04-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2241 (GCVE-0-2017-2241)

    Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView for MacOS Affected: Ver.9.2.0 and earlier versions
    Create a notification for this product.
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/170714.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView for MacOS",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.2.0 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.hammock.jp/assetview/info/170714.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView for MacOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.9.2.0 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/170714.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.hammock.jp/assetview/info/170714.html"
                },
                {
                  "name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2241",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2240 (GCVE-0-2017-2240)

    Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView for MacOS Affected: Ver.9.2.0 and earlier versions
    Create a notification for this product.
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/170714.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView for MacOS",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.2.0 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.hammock.jp/assetview/info/170714.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2240",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView for MacOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.9.2.0 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/170714.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.hammock.jp/assetview/info/170714.html"
                },
                {
                  "name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2240",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27244 (GCVE-0-2025-27244)

    Vulnerability from cvelistv5 – Published: 2025-04-02 03:21 – Updated: 2025-04-02 15:41
    VLAI
    Summary
    AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of sensitive information into sent data
    Assigner
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.3.4.3004 (13.3.4K)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:30:04.477226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:41:04.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.3.4.3004 (13.3.4K)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "Insertion of sensitive information into sent data",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T03:21:11.828Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.hammock.jp/assetview/info/250325.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26321838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-27244",
        "datePublished": "2025-04-02T03:21:11.828Z",
        "dateReserved": "2025-03-07T06:04:10.352Z",
        "dateUpdated": "2025-04-02T15:41:04.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25060 (GCVE-0-2025-25060)

    Vulnerability from cvelistv5 – Published: 2025-04-02 03:20 – Updated: 2025-04-02 16:04
    VLAI
    Summary
    Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.2.4.3408 (13.2.4O)
    Create a notification for this product.
    Hammock Corporation AssetView CLOUD Affected: prior to Ver 13.3.4.3004 (13.3.4K)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:44:53.916896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T16:04:49.028Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.2.4.3408 (13.2.4O)"
                }
              ]
            },
            {
              "product": "AssetView CLOUD",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver 13.3.4.3004 (13.3.4K)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing authentication for critical function",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-02T03:20:54.826Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.hammock.jp/assetview/info/250325.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26321838/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-25060",
        "datePublished": "2025-04-02T03:20:54.826Z",
        "dateReserved": "2025-03-07T06:04:12.829Z",
        "dateUpdated": "2025-04-02T16:04:49.028Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45504 (GCVE-0-2024-45504)

    Vulnerability from cvelistv5 – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Cross-site request forgery (CSRF)
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Alps System Integration Co., Ltd. InterSafe WebFilter Affected: prior to V9.1SP4 Build1653
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe LogDirector Affected: versions before the replacement file released on 2024 September 9
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe GatewayConnection Affected: versions before 2024 July 20 maintenance
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe LogNavigator Affected: prior to Ver.1.1.1
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe CATS Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Alps System Integration Co., Ltd. InterSafe MobileSecurity Affected: versions before 2024 August 31 maintenance
    Create a notification for this product.
    Trend Micro Incorporated InterScan WebManager Affected: 9.0
    Affected: 9.0 Service Pack 1
    Affected: 9.1
    Affected: 9.1 Service Pack 1
    Affected: 9.1 Service Pack 2
    Affected: 9.1 Service Pack 3
    Affected: and 9.1 Service Pack 4
    Create a notification for this product.
    MIROKU JYOHO SERVICE CO., LTD. MJS WebFiltering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Hammock Corporation AssetView F Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    MOTEX Inc. LANSCOPE EndpointManager WebFiltering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    AXSEED,Inc. SPPM BizBrowser Affected: versions before 2024 June 18 maintenance
    Create a notification for this product.
    AXSEED,Inc. SPPM Secure Filtering Affected: versions before 2024 July 20 maintenance
    Create a notification for this product.
    QualitySoft Corporation URL Filtering Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    JMA Systems Corporation KAITO SecureBrowser Affected: versions before 2024 July 4 maintenance
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T13:45:48.117386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T20:53:34.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "InterSafe WebFilter",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to V9.1SP4 Build1653"
                }
              ]
            },
            {
              "product": "InterSafe LogDirector",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before the replacement file released on 2024 September 9"
                }
              ]
            },
            {
              "product": "InterSafe GatewayConnection",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 20 maintenance"
                }
              ]
            },
            {
              "product": "InterSafe LogNavigator",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver.1.1.1"
                }
              ]
            },
            {
              "product": "InterSafe CATS",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "InterSafe MobileSecurity",
              "vendor": "Alps System Integration Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 August 31 maintenance"
                }
              ]
            },
            {
              "product": "InterScan WebManager",
              "vendor": "Trend Micro Incorporated",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0"
                },
                {
                  "status": "affected",
                  "version": "9.0 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "9.1"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 2"
                },
                {
                  "status": "affected",
                  "version": "9.1 Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "and 9.1 Service Pack 4"
                }
              ]
            },
            {
              "product": "MJS WebFiltering",
              "vendor": "MIROKU JYOHO SERVICE CO., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "AssetView F",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "LANSCOPE EndpointManager WebFiltering",
              "vendor": "MOTEX Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "SPPM BizBrowser",
              "vendor": "AXSEED,Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 June 18 maintenance"
                }
              ]
            },
            {
              "product": "SPPM Secure Filtering",
              "vendor": "AXSEED,Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 20 maintenance"
                }
              ]
            },
            {
              "product": "URL Filtering",
              "vendor": "QualitySoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            },
            {
              "product": "KAITO SecureBrowser",
              "vendor": "JMA Systems Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions before 2024 July 4 maintenance"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T04:35:19.457Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
            },
            {
              "url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
            },
            {
              "url": "https://www.motex.co.jp/news/notice/2024/release240909/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05579230/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-45504",
        "datePublished": "2024-09-10T04:35:19.457Z",
        "dateReserved": "2024-08-30T14:44:59.684Z",
        "dateUpdated": "2024-11-04T20:53:34.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28719 (GCVE-0-2022-28719)

    Vulnerability from cvelistv5 – Published: 2022-04-28 08:25 – Updated: 2024-08-03 06:03
    VLAI
    Summary
    Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView Affected: prior to Ver.13.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:03:52.606Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/220422.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to Ver.13.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-28T08:25:12.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.hammock.jp/assetview/info/220422.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-28719",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to Ver.13.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/220422.html",
                  "refsource": "MISC",
                  "url": "https://www.hammock.jp/assetview/info/220422.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN54857505/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN54857505/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-28719",
        "datePublished": "2022-04-28T08:25:12.000Z",
        "dateReserved": "2022-04-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:03:52.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2241 (GCVE-0-2017-2241)

    Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView for MacOS Affected: Ver.9.2.0 and earlier versions
    Create a notification for this product.
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.260Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/170714.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView for MacOS",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.2.0 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.hammock.jp/assetview/info/170714.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView for MacOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.9.2.0 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via \"File Transfer Web Service\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/170714.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.hammock.jp/assetview/info/170714.html"
                },
                {
                  "name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2241",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2240 (GCVE-0-2017-2240)

    Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Hammock Corporation AssetView for MacOS Affected: Ver.9.2.0 and earlier versions
    Create a notification for this product.
    Date Public
    2017-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.hammock.jp/assetview/info/170714.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AssetView for MacOS",
              "vendor": "Hammock Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.9.2.0 and earlier versions"
                }
              ]
            }
          ],
          "datePublic": "2017-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-14T15:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.hammock.jp/assetview/info/170714.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2240",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AssetView for MacOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.9.2.0 and earlier versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hammock Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via \"File Transfer Web Service\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.hammock.jp/assetview/info/170714.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.hammock.jp/assetview/info/170714.html"
                },
                {
                  "name": "http://jvn.jp/en/vu/JVNVU93377948/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/vu/JVNVU93377948/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2240",
        "datePublished": "2017-07-14T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000019

    Vulnerability from jvndb - Published: 2025-03-25 17:10 - Updated:2025-03-25 17:10
    Severity
    Summary
    Multiple vulnerabilities in AssetView
    Details
    AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.
    • Missing authentication for critical function (CWE-306) - CVE-2025-25060
    • Acquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244
    Takao Kondo of VeriServe Corporation reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html",
      "dc:date": "2025-03-25T17:10+09:00",
      "dcterms:issued": "2025-03-25T17:10+09:00",
      "dcterms:modified": "2025-03-25T17:10+09:00",
      "description": "AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.\r\n\u003cUL\u003e\r\n\u003cLI\u003eMissing authentication for critical function (CWE-306) - CVE-2025-25060\u003c/br\u003e\r\n\u003cLI\u003eAcquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244\r\n\u003c/UL\u003e\r\n\u003c/UL\u003e\r\nTakao Kondo of VeriServe Corporation reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html",
      "sec:cpe": {
        "#text": "cpe:/a:hammock:assetview",
        "@product": "AssetView",
        "@vendor": "Hammock Corporation",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.2",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000019",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN26321838/index.html",
          "@id": "JVN#26321838",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25060",
          "@id": "CVE-2025-25060",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27244",
          "@id": "CVE-2025-27244",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in AssetView"
    }

    JVNDB-2024-000095

    Vulnerability from jvndb - Published: 2024-09-09 16:40 - Updated:2024-09-09 16:40

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
      "dc:date": "2024-09-09T16:40+09:00",
      "dcterms:issued": "2024-09-09T16:40+09:00",
      "dcterms:modified": "2024-09-09T16:40+09:00",
      "description": "Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:hammock:assetview_f",
          "@product": "AssetView F",
          "@vendor": "Hammock Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_cats",
          "@product": "InterSafe CATS",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_gatewayconnection",
          "@product": "InterSafe GatewayConnection",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_logdirector",
          "@product": "InterSafe LogDirector",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_lognavigator",
          "@product": "InterSafe LogNavigator",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_mobilesecurity",
          "@product": "InterSafe MobileSecurity",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:alps_system_integration_intersafe_webfilter",
          "@product": "InterSafe WebFilter",
          "@vendor": "Alps System Integration Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:axseed_sppm_bizbrower",
          "@product": "SPPM BizBrowser",
          "@vendor": "AXSEED,Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:axseed_sppm_secure_filtering",
          "@product": "SPPM Secure Filtering",
          "@vendor": "AXSEED,Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:jmas_kaito_secure_browser",
          "@product": "KAITO Secure Browser",
          "@vendor": "JMA Systems Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:misc:mjs_mjs_web_filtering",
          "@product": "MJS Web Filtering",
          "@vendor": "MIROKU JYOHO SERVICE CO., LTD. (MJS)",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:motex:lanscope_endpoint_manager_web_filtering",
          "@product": "LANSCOPE Endpoint Manager Web Filtering",
          "@vendor": "MOTEX Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:qualitysoft:url_filtering",
          "@product": "URL Filtering",
          "@vendor": "QualitySoft Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:trendmicro:interscan_webmanager",
          "@product": "InterScan WebManager",
          "@vendor": "Trend Micro, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.5",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000095",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN05579230/index.html",
          "@id": "JVN#05579230",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45504",
          "@id": "CVE-2024-45504",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        }
      ],
      "title": "Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery"
    }

    JVNDB-2022-000027

    Vulnerability from jvndb - Published: 2022-04-22 13:53 - Updated:2024-06-20 12:15
    Severity
    Summary
    Hammock AssetView missing authentication for critical functions
    Details
    AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server. Denis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html",
      "dc:date": "2024-06-20T12:15+09:00",
      "dcterms:issued": "2022-04-22T13:53+09:00",
      "dcterms:modified": "2024-06-20T12:15+09:00",
      "description": "AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server.\r\n\r\nDenis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html",
      "sec:cpe": {
        "#text": "cpe:/a:hammock:assetview",
        "@product": "AssetView",
        "@vendor": "Hammock Corporation",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "9.3",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.0",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2022-000027",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54857505/index.html",
          "@id": "JVN#54857505",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-28719",
          "@id": "CVE-2022-28719",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28719",
          "@id": "CVE-2022-28719",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "Hammock AssetView missing authentication for critical functions"
    }

    JVNDB-2017-010584

    Vulnerability from jvndb - Published: 2018-01-12 15:32 - Updated:2018-01-12 15:32
    Severity
    Summary
    AssetView and AssetView PLATINUM contain multiple vulnerabilities
    Details
    AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below. * Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866 * Improper Input Validation (CWE-20) - CVE-2017-10867 Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html",
      "dc:date": "2018-01-12T15:32+09:00",
      "dcterms:issued": "2018-01-12T15:32+09:00",
      "dcterms:modified": "2018-01-12T15:32+09:00",
      "description": "AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.\r\n\r\n* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866\r\n* Improper Input Validation (CWE-20) - CVE-2017-10867\r\n\r\nMuneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html",
      "sec:cpe": {
        "#text": "cpe:/a:hammock:assetview",
        "@product": "AssetView",
        "@vendor": "Hammock Corporation",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-010584",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU91625548/",
          "@id": "JVNVU#91625548",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10866",
          "@id": "CVE-2017-10866",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10867",
          "@id": "CVE-2017-10867",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/321.html",
          "@id": "CWE-321",
          "@title": "Use of Hard-coded Cryptographic Key(CWE-321)"
        }
      ],
      "title": "AssetView and AssetView PLATINUM contain multiple vulnerabilities"
    }