Search

Find a vulnerability

Search criteria

    3 vulnerabilities by Sumitomo Electric Information Systems Co., Ltd.

    CVE-2023-49108 (GCVE-0-2023-49108)

    Vulnerability from nvd – Published: 2023-12-04 05:08 – Updated: 2024-08-02 21:46
    VLAI
    Summary
    Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    Sumitomo Electric Information Systems Co., Ltd. RakRak Document Plus Affected: Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46895889/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RakRak Document Plus",
              "vendor": "Sumitomo Electric Information Systems Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-04T05:08:29.398Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN46895889/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49108",
        "datePublished": "2023-12-04T05:08:29.398Z",
        "dateReserved": "2023-11-22T04:24:31.707Z",
        "dateUpdated": "2024-08-02T21:46:29.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49108 (GCVE-0-2023-49108)

    Vulnerability from cvelistv5 – Published: 2023-12-04 05:08 – Updated: 2024-08-02 21:46
    VLAI
    Summary
    Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    Impacted products
    Vendor Product Version
    Sumitomo Electric Information Systems Co., Ltd. RakRak Document Plus Affected: Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T21:46:29.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN46895889/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RakRak Document Plus",
              "vendor": "Sumitomo Electric Information Systems Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-04T05:08:29.398Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN46895889/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-49108",
        "datePublished": "2023-12-04T05:08:29.398Z",
        "dateReserved": "2023-11-22T04:24:31.707Z",
        "dateUpdated": "2024-08-02T21:46:29.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-000121

    Vulnerability from jvndb - Published: 2023-12-04 13:45 - Updated:2024-01-24 12:06
    Severity
    Summary
    RakRak Document Plus vulnerable to path traversal
    Details
    RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
      "dc:date": "2024-01-24T12:06+09:00",
      "dcterms:issued": "2023-12-04T13:45+09:00",
      "dcterms:modified": "2024-01-24T12:06+09:00",
      "description": "RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22).\r\n\r\nAsato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
      "sec:cpe": {
        "#text": "cpe:/a:sei-info:rakrak_document_plus",
        "@product": "RakRak Document Plus",
        "@vendor": "Sumitomo Electric Information Systems Co., Ltd.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000121",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN46895889/index.html",
          "@id": "JVN#46895889",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49108",
          "@id": "CVE-2023-49108",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49108#vulnConfigurationsArea",
          "@id": "CVE-2023-49108",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "RakRak Document Plus vulnerable to path traversal"
    }