Search
Find a vulnerability
Search criteria
3 vulnerabilities by Sumitomo Electric Information Systems Co., Ltd.
CVE-2023-49108 (GCVE-0-2023-49108)
Vulnerability from nvd – Published: 2023-12-04 05:08 – Updated: 2024-08-02 21:46
VLAI
Summary
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sumitomo Electric Information Systems Co., Ltd. | RakRak Document Plus |
Affected:
Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rakrak.jp/RakDocSupport/rkspServlet"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46895889/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RakRak Document Plus",
"vendor": "Sumitomo Electric Information Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T05:08:29.398Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://rakrak.jp/RakDocSupport/rkspServlet"
},
{
"url": "https://jvn.jp/en/jp/JVN46895889/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49108",
"datePublished": "2023-12-04T05:08:29.398Z",
"dateReserved": "2023-11-22T04:24:31.707Z",
"dateUpdated": "2024-08-02T21:46:29.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49108 (GCVE-0-2023-49108)
Vulnerability from cvelistv5 – Published: 2023-12-04 05:08 – Updated: 2024-08-02 21:46
VLAI
Summary
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sumitomo Electric Information Systems Co., Ltd. | RakRak Document Plus |
Affected:
Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rakrak.jp/RakDocSupport/rkspServlet"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46895889/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RakRak Document Plus",
"vendor": "Sumitomo Electric Information Systems Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T05:08:29.398Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://rakrak.jp/RakDocSupport/rkspServlet"
},
{
"url": "https://jvn.jp/en/jp/JVN46895889/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49108",
"datePublished": "2023-12-04T05:08:29.398Z",
"dateReserved": "2023-11-22T04:24:31.707Z",
"dateUpdated": "2024-08-02T21:46:29.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-000121
Vulnerability from jvndb - Published: 2023-12-04 13:45 - Updated:2024-01-24 12:06
Severity
Summary
RakRak Document Plus vulnerable to path traversal
Details
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22).
Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
"dc:date": "2024-01-24T12:06+09:00",
"dcterms:issued": "2023-12-04T13:45+09:00",
"dcterms:modified": "2024-01-24T12:06+09:00",
"description": "RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22).\r\n\r\nAsato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
"sec:cpe": {
"#text": "cpe:/a:sei-info:rakrak_document_plus",
"@product": "RakRak Document Plus",
"@vendor": "Sumitomo Electric Information Systems Co., Ltd.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000121",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN46895889/index.html",
"@id": "JVN#46895889",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-49108",
"@id": "CVE-2023-49108",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49108#vulnConfigurationsArea",
"@id": "CVE-2023-49108",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "RakRak Document Plus vulnerable to path traversal"
}