Search

Find a vulnerability

Search criteria

    46 vulnerabilities by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)

    CVE-2019-6019 (GCVE-0-2019-6019)

    Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
    VLAI
    Summary
    Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.182Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STAMP Workbench installer",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STAMP Workbench installer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/ikc/info/20191126.html",
                  "refsource": "MISC",
                  "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN19386781/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6019",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:16:23.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2220 (GCVE-0-2017-2220)

    Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_201… x_refsource_MISC
    https://jvn.jp/en/jp/JVN67305782/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
              },
              {
                "name": "JVN#67305782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of CASL II simulator(self-extract format)",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
            },
            {
              "name": "JVN#67305782",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2220",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of CASL II simulator(self-extract format)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
                  "refsource": "MISC",
                  "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
                },
                {
                  "name": "JVN#67305782",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2220",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2194 (GCVE-0-2017-2194)

    Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.ipa.go.jp/security/vuln/iCodeChecker/ x_refsource_MISC
    https://jvn.jp/en/jp/JVN25078144/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
              },
              {
                "name": "JVN#25078144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Source code security studying tool iCodeChecker",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
            },
            {
              "name": "JVN#25078144",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Source code security studying tool iCodeChecker",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/security/vuln/iCodeChecker/",
                  "refsource": "MISC",
                  "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
                },
                {
                  "name": "JVN#25078144",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2194",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2182 (GCVE-0-2017-2182)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN01404851/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#01404851",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#01404851",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#01404851",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2182",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2181 (GCVE-0-2017-2181)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN20870477/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#20870477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#20870477",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#20870477",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2181",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2180 (GCVE-0-2017-2180)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN32120290/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#32120290",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#32120290",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#32120290",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2180",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2179 (GCVE-0-2017-2179)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN80238098/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#80238098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#80238098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#80238098",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2179",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2175 (GCVE-0-2017-2175)

    Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN12493656/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098 third-party-advisoryx_refsource_JVNDB
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVN#12493656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
              },
              {
                "name": "JVNDB-2017-000098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVN#12493656",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
            },
            {
              "name": "JVNDB-2017-000098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVN#12493656",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
                },
                {
                  "name": "JVNDB-2017-000098",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2175",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2174 (GCVE-0-2017-2174)

    Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097 third-party-advisoryx_refsource_JVNDB
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN11326581/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2017-000097",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVN#11326581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2017-000097",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVN#11326581",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2174",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2017-000097",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
                },
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVN#11326581",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2174",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2173 (GCVE-0-2017-2173)

    Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN85512750/index.html third-party-advisoryx_refsource_JVN
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096 third-party-advisoryx_refsource_JVNDB
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#85512750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVNDB-2017-000096",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#85512750",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVNDB-2017-000096",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2173",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#85512750",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
                },
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVNDB-2017-000096",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2173",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6019 (GCVE-0-2019-6019)

    Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16
    VLAI
    Summary
    Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:23.182Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STAMP Workbench installer",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6019",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STAMP Workbench installer",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/ikc/info/20191126.html",
                  "refsource": "MISC",
                  "url": "https://www.ipa.go.jp/ikc/info/20191126.html"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN19386781/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN19386781/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6019",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:16:23.182Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2220 (GCVE-0-2017-2220)

    Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_201… x_refsource_MISC
    https://jvn.jp/en/jp/JVN67305782/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
              },
              {
                "name": "JVN#67305782",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of CASL II simulator(self-extract format)",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
            },
            {
              "name": "JVN#67305782",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2220",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of CASL II simulator(self-extract format)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
                  "refsource": "MISC",
                  "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
                },
                {
                  "name": "JVN#67305782",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN67305782/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2220",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.372Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2194 (GCVE-0-2017-2194)

    Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://www.ipa.go.jp/security/vuln/iCodeChecker/ x_refsource_MISC
    https://jvn.jp/en/jp/JVN25078144/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.713Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
              },
              {
                "name": "JVN#25078144",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Source code security studying tool iCodeChecker",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-06-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
            },
            {
              "name": "JVN#25078144",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2194",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Source code security studying tool iCodeChecker",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/security/vuln/iCodeChecker/",
                  "refsource": "MISC",
                  "url": "https://www.ipa.go.jp/security/vuln/iCodeChecker/"
                },
                {
                  "name": "JVN#25078144",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN25078144/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2194",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.713Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2180 (GCVE-0-2017-2180)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN32120290/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.652Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#32120290",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#32120290",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2180",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#32120290",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN32120290/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2180",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2182 (GCVE-0-2017-2182)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN01404851/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#01404851",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#01404851",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2182",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#01404851",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN01404851/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2182",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.310Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2181 (GCVE-0-2017-2181)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN20870477/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.426Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#20870477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#20870477",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2181",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#20870477",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN20870477/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2181",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.426Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2179 (GCVE-0-2017-2179)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
    Severity
    No CVSS data available.
    CWE
    • Remote code execution
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN80238098/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-06-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#80238098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "V3.0.2 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#80238098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2179",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V3.0.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#80238098",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN80238098/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2179",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2174 (GCVE-0-2017-2174)

    Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097 third-party-advisoryx_refsource_JVNDB
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN11326581/index.html third-party-advisoryx_refsource_JVN
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVNDB-2017-000097",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVN#11326581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVNDB-2017-000097",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVN#11326581",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2174",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVNDB-2017-000097",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
                },
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVN#11326581",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN11326581/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2174",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2173 (GCVE-0-2017-2173)

    Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN85512750/index.html third-party-advisoryx_refsource_JVN
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096 third-party-advisoryx_refsource_JVNDB
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:03.722Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#85512750",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVNDB-2017-000096",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#85512750",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVNDB-2017-000096",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2173",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#85512750",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN85512750/index.html"
                },
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVNDB-2017-000096",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2173",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:03.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2175 (GCVE-0-2017-2175)

    Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    https://www.ipa.go.jp/sec/info/20170519.html x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN12493656/index.html third-party-advisoryx_refsource_JVN
    http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098 third-party-advisoryx_refsource_JVNDB
    Date Public
    2017-05-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:05.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ipa.go.jp/sec/info/20170519.html"
              },
              {
                "name": "JVN#12493656",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
              },
              {
                "name": "JVNDB-2017-000098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Empirical Project Monitor - eXtended",
              "vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-22T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ipa.go.jp/sec/info/20170519.html"
            },
            {
              "name": "JVN#12493656",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
            },
            {
              "name": "JVNDB-2017-000098",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Empirical Project Monitor - eXtended",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ipa.go.jp/sec/info/20170519.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.ipa.go.jp/sec/info/20170519.html"
                },
                {
                  "name": "JVN#12493656",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN12493656/index.html"
                },
                {
                  "name": "JVNDB-2017-000098",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2175",
        "datePublished": "2017-05-22T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:05.158Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2019-000071

    Vulnerability from jvndb - Published: 2019-11-27 10:31 - Updated:2019-11-27 10:31
    Severity
    Summary
    STAMP Workbench installer may insecurely load Dynamic Link Libraries
    Details
    STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tonai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000071.html",
      "dc:date": "2019-11-27T10:31+09:00",
      "dcterms:issued": "2019-11-27T10:31+09:00",
      "dcterms:modified": "2019-11-27T10:31+09:00",
      "description": "STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA). It is distirbuted as a ZIP archive or an Windows executable installer.\r\nThe Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tonai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000071.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:stamp_workbench",
        "@product": "STAMP Workbench",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2019-000071",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN19386781/index.html",
          "@id": "JVN#19386781",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6019",
          "@id": "CVE-2019-6019",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6019",
          "@id": "CVE-2019-6019",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "STAMP Workbench installer may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000133

    Vulnerability from jvndb - Published: 2017-06-13 14:50 - Updated:2018-02-14 13:48
    Severity
    Summary
    Source code security studying tool iCodeChecker vulnerable to cross-site scripting
    Details
    Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000133.html",
      "dc:date": "2018-02-14T13:48+09:00",
      "dcterms:issued": "2017-06-13T14:50+09:00",
      "dcterms:modified": "2018-02-14T13:48+09:00",
      "description": "Source code security studying tool iCodeChecker provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000133.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:icodechecker",
        "@product": "Source code security studying tool iCodeChecker",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000133",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN25078144/index.html",
          "@id": "JVN#25078144",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2194",
          "@id": "CVE-2017-2194",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2194",
          "@id": "CVE-2017-2194",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Source code security studying tool iCodeChecker vulnerable to cross-site scripting"
    }

    JVNDB-2017-000117

    Vulnerability from jvndb - Published: 2017-06-09 13:49 - Updated:2018-02-14 11:58
    Severity
    Summary
    Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries
    Details
    Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000117.html",
      "dc:date": "2018-02-14T11:58+09:00",
      "dcterms:issued": "2017-06-09T13:49+09:00",
      "dcterms:modified": "2018-02-14T11:58+09:00",
      "description": "Installer of CASL II simulator(self-extract format) provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000117.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:casl_ii_simulator",
        "@product": "CASL II simulator",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000117",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN67305782/index.html",
          "@id": "JVN#67305782",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2220",
          "@id": "CVE-2017-2220",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2220",
          "@id": "CVE-2017-2220",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of CASL II simulator(self-extract format) may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000113

    Vulnerability from jvndb - Published: 2017-06-06 14:21 - Updated:2017-11-27 17:22
    Severity
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
    Details
    AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN#80238098 and JVN#01404851. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000113.html",
      "dc:date": "2017-11-27T17:22+09:00",
      "dcterms:issued": "2017-06-06T14:21+09:00",
      "dcterms:modified": "2017-11-27T17:22+09:00",
      "description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#80238098 and JVN#01404851.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000113.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:appgoat",
        "@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000113",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN20870477/index.html",
          "@id": "JVN#20870477",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2181",
          "@id": "CVE-2017-2181",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2181",
          "@id": "CVE-2017-2181",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
    }

    JVNDB-2017-000112

    Vulnerability from jvndb - Published: 2017-06-06 14:20 - Updated:2017-11-27 17:22
    Severity
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to information disclosure
    Details
    AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains an information disclosure vulnerability. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000112.html",
      "dc:date": "2017-11-27T17:22+09:00",
      "dcterms:issued": "2017-06-06T14:20+09:00",
      "dcterms:modified": "2017-11-27T17:22+09:00",
      "description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains an information disclosure vulnerability.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000112.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:appgoat",
        "@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000112",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN32120290/index.html",
          "@id": "JVN#32120290",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2180",
          "@id": "CVE-2017-2180",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2180",
          "@id": "CVE-2017-2180",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        }
      ],
      "title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to information disclosure"
    }

    JVNDB-2017-000114

    Vulnerability from jvndb - Published: 2017-06-06 14:19 - Updated:2017-11-27 17:22
    Severity
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
    Details
    AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN#80238098 and JVN#20870477. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000114.html",
      "dc:date": "2017-11-27T17:22+09:00",
      "dcterms:issued": "2017-06-06T14:19+09:00",
      "dcterms:modified": "2017-11-27T17:22+09:00",
      "description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#80238098 and JVN#20870477.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000114.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:appgoat",
        "@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000114",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN01404851/index.html",
          "@id": "JVN#01404851",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2182",
          "@id": "CVE-2017-2182",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2182",
          "@id": "CVE-2017-2182",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
    }

    JVNDB-2017-000111

    Vulnerability from jvndb - Published: 2017-06-06 14:19 - Updated:2017-11-27 17:22
    Severity
    Summary
    Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution
    Details
    AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Note that this vulnerability is different from JVN#20870477 and JVN#01404851. Masato Kinugawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000111.html",
      "dc:date": "2017-11-27T17:22+09:00",
      "dcterms:issued": "2017-06-06T14:19+09:00",
      "dcterms:modified": "2017-11-27T17:22+09:00",
      "description": "AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application contains a remote code execution vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#20870477 and JVN#01404851.\r\n\r\nMasato Kinugawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000111.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:appgoat",
        "@product": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000111",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN80238098/index.html",
          "@id": "JVN#80238098",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2179",
          "@id": "CVE-2017-2179",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2179",
          "@id": "CVE-2017-2179",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-20",
          "@title": "Improper Input Validation(CWE-20)"
        }
      ],
      "title": "Hands-on Vulnerability Learning Tool \"AppGoat\" vulnerable to remote code execution"
    }

    JVNDB-2017-000098

    Vulnerability from jvndb - Published: 2017-05-19 14:57 - Updated:2017-11-27 18:01
    Severity
    Summary
    The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries
    Details
    The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
      "dc:date": "2017-11-27T18:01+09:00",
      "dcterms:issued": "2017-05-19T14:57+09:00",
      "dcterms:modified": "2017-11-27T18:01+09:00",
      "description": "The installer of Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000098.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
        "@product": "Empirical Project Monitor - eXtended",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000098",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN12493656/index.html",
          "@id": "JVN#12493656",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2175",
          "@id": "CVE-2017-2175",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2175",
          "@id": "CVE-2017-2175",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Empirical Project Monitor - eXtended may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000097

    Vulnerability from jvndb - Published: 2017-05-19 14:55 - Updated:2017-11-27 18:01
    Severity
    Summary
    Empirical Project Monitor - eXtended vulnerable to cross-site scripting
    Details
    Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability. Note that this vulnerability is different from JVN#85512750. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
      "dc:date": "2017-11-27T18:01+09:00",
      "dcterms:issued": "2017-05-19T14:55+09:00",
      "dcterms:modified": "2017-11-27T18:01+09:00",
      "description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability.\r\n\r\nNote that this vulnerability is different from JVN#85512750.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000097.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
        "@product": "Empirical Project Monitor - eXtended",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000097",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN11326581/index.html",
          "@id": "JVN#11326581",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2174",
          "@id": "CVE-2017-2174",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2174",
          "@id": "CVE-2017-2174",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
    }

    JVNDB-2017-000096

    Vulnerability from jvndb - Published: 2017-05-19 14:53 - Updated:2017-11-27 18:01
    Severity
    Summary
    Empirical Project Monitor - eXtended vulnerable to cross-site scripting
    Details
    Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN#11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
      "dc:date": "2017-11-27T18:01+09:00",
      "dcterms:issued": "2017-05-19T14:53+09:00",
      "dcterms:modified": "2017-11-27T18:01+09:00",
      "description": "Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nNote that this vulnerability is different from JVN#11326581.\r\n\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000096.html",
      "sec:cpe": {
        "#text": "cpe:/a:ipa:empirical_project_monitor_-_extended",
        "@product": "Empirical Project Monitor - eXtended",
        "@vendor": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000096",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN85512750/index.html",
          "@id": "JVN#85512750",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2173",
          "@id": "CVE-2017-2173",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2173",
          "@id": "CVE-2017-2173",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Empirical Project Monitor - eXtended vulnerable to cross-site scripting"
    }