Search
Find a vulnerability
Search criteria
46 vulnerabilities by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
CVE-2019-6019 (GCVE-0-2019-6019)
Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
VLAI
Summary
Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/ikc/info/20191126.html | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN19386781/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | STAMP Workbench installer |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STAMP Workbench installer",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STAMP Workbench installer",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/ikc/info/20191126.html",
"refsource": "MISC",
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"name": "http://jvn.jp/en/jp/JVN19386781/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6019",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2220 (GCVE-0-2017-2220)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_201… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN67305782/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Installer of CASL II simulator(self-extract format) |
Affected:
all versions
|
Date Public
2017-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of CASL II simulator(self-extract format)",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of CASL II simulator(self-extract format)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
"refsource": "MISC",
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2220",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2194 (GCVE-0-2017-2194)
Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/security/vuln/iCodeChecker/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN25078144/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Source code security studying tool iCodeChecker |
Affected:
all versions
|
Date Public
2017-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Source code security studying tool iCodeChecker",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Source code security studying tool iCodeChecker",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/security/vuln/iCodeChecker/",
"refsource": "MISC",
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2194",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2182 (GCVE-0-2017-2182)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN01404851/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#01404851",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#01404851",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01404851",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2182",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2181 (GCVE-0-2017-2181)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN20870477/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#20870477",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#20870477",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#20870477",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2181",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2180 (GCVE-0-2017-2180)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN32120290/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32120290",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32120290",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32120290",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2180",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2179 (GCVE-0-2017-2179)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN80238098/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#80238098",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#80238098",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#80238098",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2179",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2175 (GCVE-0-2017-2175)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN12493656/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098 | third-party-advisoryx_refsource_JVNDB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2175",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2174 (GCVE-0-2017-2174)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097 | third-party-advisoryx_refsource_JVNDB |
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN11326581/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2174",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2173 (GCVE-0-2017-2173)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN85512750/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096 | third-party-advisoryx_refsource_JVNDB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85512750",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85512750",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85512750",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2173",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6019 (GCVE-0-2019-6019)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
VLAI
Summary
Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/ikc/info/20191126.html | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN19386781/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | STAMP Workbench installer |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STAMP Workbench installer",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STAMP Workbench installer",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/ikc/info/20191126.html",
"refsource": "MISC",
"url": "https://www.ipa.go.jp/ikc/info/20191126.html"
},
{
"name": "http://jvn.jp/en/jp/JVN19386781/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN19386781/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6019",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2220 (GCVE-0-2017-2220)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_201… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN67305782/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Installer of CASL II simulator(self-extract format) |
Affected:
all versions
|
Date Public
2017-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of CASL II simulator(self-extract format)",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of CASL II simulator(self-extract format)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
"refsource": "MISC",
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2220",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2194 (GCVE-0-2017-2194)
Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/security/vuln/iCodeChecker/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN25078144/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Source code security studying tool iCodeChecker |
Affected:
all versions
|
Date Public
2017-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Source code security studying tool iCodeChecker",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T12:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Source code security studying tool iCodeChecker",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/security/vuln/iCodeChecker/",
"refsource": "MISC",
"url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
},
{
"name": "JVN#25078144",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25078144/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2194",
"datePublished": "2017-07-07T13:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2180 (GCVE-0-2017-2180)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN32120290/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32120290",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32120290",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32120290",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN32120290/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2180",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2182 (GCVE-0-2017-2182)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN01404851/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#01404851",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#01404851",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01404851",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01404851/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2182",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2181 (GCVE-0-2017-2181)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN20870477/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:04.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#20870477",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#20870477",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#20870477",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20870477/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2181",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:04.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2179 (GCVE-0-2017-2179)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN80238098/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application |
Affected:
V3.0.2 and earlier
|
Date Public
2017-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#80238098",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
}
],
"datePublic": "2017-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#80238098",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#80238098",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2179",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2174 (GCVE-0-2017-2174)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097 | third-party-advisoryx_refsource_JVNDB |
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN11326581/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000097",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2174",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2173 (GCVE-0-2017-2173)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN85512750/index.html | third-party-advisoryx_refsource_JVN |
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096 | third-party-advisoryx_refsource_JVNDB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#85512750",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#85512750",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85512750",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2173",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2175 (GCVE-0-2017-2175)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.ipa.go.jp/sec/info/20170519.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN12493656/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098 | third-party-advisoryx_refsource_JVNDB |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) | Empirical Project Monitor - eXtended |
Affected:
all versions
|
Date Public
2017-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Empirical Project Monitor - eXtended",
"vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#12493656",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN12493656/index.html"
},
{
"name": "JVNDB-2017-000098",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2175",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2019-000071
Vulnerability from jvndb - Published: 2019-11-27 10:31 - Updated:2019-11-27 10:31
Severity
Summary
STAMP Workbench installer may insecurely load Dynamic Link Libraries
Details
STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distirbuted as a ZIP archive or an Windows executable installer.
The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Yuji Tonai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000071.html",
"dc:date": "2019-11-27T10:31+09:00",
"dcterms:issued": "2019-11-27T10:31+09:00",
"dcterms:modified": "2019-11-27T10:31+09:00",
"description": "STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distirbuted as a ZIP archive or an Windows executable installer.\r\nThe Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tonai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000071.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:stamp_workbench",
"@product": "STAMP Workbench",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000071",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN19386781/index.html",
"@id": "JVN#19386781",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6019",
"@id": "CVE-2019-6019",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6019",
"@id": "CVE-2019-6019",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "STAMP Workbench installer may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000133
Vulnerability from jvndb - Published: 2017-06-13 14:50 - Updated:2018-02-14 13:48
Severity
Summary
Source code security studying tool iCodeChecker vulnerable to cross-site scripting
Details
Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79).
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000133.html",
"dc:date": "2018-02-14T13:48+09:00",
"dcterms:issued": "2017-06-13T14:50+09:00",
"dcterms:modified": "2018-02-14T13:48+09:00",
"description": "Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000133.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:icodechecker",
"@product": "Source code security studying tool iCodeChecker",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000133",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25078144/index.html",
"@id": "JVN#25078144",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2194",
"@id": "CVE-2017-2194",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2194",
"@id": "CVE-2017-2194",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Source code security studying tool iCodeChecker vulnerable to cross-site scripting"
}
JVNDB-2017-000117
Vulnerability from jvndb - Published: 2017-06-09 13:49 - Updated:2018-02-14 11:58
Severity
Summary
Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
Details
Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000117.html",
"dc:date": "2018-02-14T11:58+09:00",
"dcterms:issued": "2017-06-09T13:49+09:00",
"dcterms:modified": "2018-02-14T11:58+09:00",
"description": "Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000117.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:casl_ii_simulator",
"@product": "CASL II simulator",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000117",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67305782/index.html",
"@id": "JVN#67305782",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2220",
"@id": "CVE-2017-2220",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2220",
"@id": "CVE-2017-2220",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000113
Vulnerability from jvndb - Published: 2017-06-06 14:21 - Updated:2017-11-27 17:22
Severity
Summary
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
Details
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#80238098 and JVN#01404851.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000113.html",
"dc:date": "2017-11-27T17:22+09:00",
"dcterms:issued": "2017-06-06T14:21+09:00",
"dcterms:modified": "2017-11-27T17:22+09:00",
"description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#80238098 and JVN#01404851.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000113.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:appgoat",
"@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000113",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN20870477/index.html",
"@id": "JVN#20870477",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2181",
"@id": "CVE-2017-2181",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2181",
"@id": "CVE-2017-2181",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
}
JVNDB-2017-000112
Vulnerability from jvndb - Published: 2017-06-06 14:20 - Updated:2017-11-27 17:22
Severity
Summary
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure
Details
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000112.html",
"dc:date": "2017-11-27T17:22+09:00",
"dcterms:issued": "2017-06-06T14:20+09:00",
"dcterms:modified": "2017-11-27T17:22+09:00",
"description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains an information disclosure vulnerability.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000112.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:appgoat",
"@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000112",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32120290/index.html",
"@id": "JVN#32120290",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2180",
"@id": "CVE-2017-2180",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2180",
"@id": "CVE-2017-2180",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to information disclosure"
}
JVNDB-2017-000114
Vulnerability from jvndb - Published: 2017-06-06 14:19 - Updated:2017-11-27 17:22
Severity
Summary
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
Details
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#80238098 and JVN#20870477.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000114.html",
"dc:date": "2017-11-27T17:22+09:00",
"dcterms:issued": "2017-06-06T14:19+09:00",
"dcterms:modified": "2017-11-27T17:22+09:00",
"description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#80238098 and JVN#20870477.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000114.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:appgoat",
"@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000114",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN01404851/index.html",
"@id": "JVN#01404851",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2182",
"@id": "CVE-2017-2182",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2182",
"@id": "CVE-2017-2182",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
}
JVNDB-2017-000111
Vulnerability from jvndb - Published: 2017-06-06 14:19 - Updated:2017-11-27 17:22
Severity
Summary
Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
Details
AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability.
Note that this vulnerability is different from JVN#20870477 and JVN#01404851.
Masato Kinugawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000111.html",
"dc:date": "2017-11-27T17:22+09:00",
"dcterms:issued": "2017-06-06T14:19+09:00",
"dcterms:modified": "2017-11-27T17:22+09:00",
"description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#20870477 and JVN#01404851.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000111.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:appgoat",
"@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000111",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80238098/index.html",
"@id": "JVN#80238098",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2179",
"@id": "CVE-2017-2179",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2179",
"@id": "CVE-2017-2179",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
}
JVNDB-2017-000098
Vulnerability from jvndb - Published: 2017-05-19 14:57 - Updated:2017-11-27 18:01
Severity
Summary
The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
Details
The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:57+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000098",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12493656/index.html",
"@id": "JVN#12493656",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2175",
"@id": "CVE-2017-2175",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2175",
"@id": "CVE-2017-2175",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000097
Vulnerability from jvndb - Published: 2017-05-19 14:55 - Updated:2017-11-27 18:01
Severity
Summary
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Details
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.
Note that this vulnerability is different from JVN#85512750.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:55+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#85512750.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000097",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11326581/index.html",
"@id": "JVN#11326581",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2174",
"@id": "CVE-2017-2174",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2174",
"@id": "CVE-2017-2174",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
}
JVNDB-2017-000096
Vulnerability from jvndb - Published: 2017-05-19 14:53 - Updated:2017-11-27 18:01
Severity
Summary
Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Details
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).
Note that this vulnerability is different from JVN#11326581.
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
"dc:date": "2017-11-27T18:01+09:00",
"dcterms:issued": "2017-05-19T14:53+09:00",
"dcterms:modified": "2017-11-27T18:01+09:00",
"description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nNote that this vulnerability is different from JVN#11326581.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
"sec:cpe": {
"#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
"@product": "Empirical Project Monitor - eXtended",
"@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000096",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN85512750/index.html",
"@id": "JVN#85512750",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2173",
"@id": "CVE-2017-2173",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2173",
"@id": "CVE-2017-2173",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
}