    14 vulnerabilities by The Ministry of Justice

    CVE-2023-32639 (GCVE-0-2023-32639)

    Vulnerability from nvd – Published: 2023-07-25 03:32 – Updated: 2024-10-23 19:14
    VLAI
    Summary
    Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • XML external entities (XXE)
    Assigner
    Impacted products
    Vendor Product Version
    The Ministry of Justice Applicant Programme Affected: Ver.7.06 and earlier

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:25:35.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.moj.go.jp/MINJI/minji06_00002.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN37857022/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T19:14:20.829499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T19:14:30.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Applicant Programme",
              "vendor": "The Ministry of Justice",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.7.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML external entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-25T03:32:37.911Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.moj.go.jp/MINJI/minji06_00002.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN37857022/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-32639",
        "datePublished": "2023-07-25T03:32:37.911Z",
        "dateReserved": "2023-05-11T04:09:45.920Z",
        "dateUpdated": "2024-10-23T19:14:30.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27527 (GCVE-0-2023-27527)

    Vulnerability from nvd – Published: 2023-05-10 00:00 – Updated: 2025-01-28 14:19
    VLAI
    Summary
    Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper restriction of XML external entity reference (XXE)
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:16:35.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.touki-kyoutaku-online.moj.go.jp/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN73178249/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 2.5,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T14:18:14.384572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-611",
                    "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T14:19:39.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Shinseiyo Sogo Soft",
              "vendor": "The Ministry of Justice",
              "versions": [
                {
                  "status": "affected",
                  "version": "(7.9A) and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper restriction of XML external entity reference (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-10T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.touki-kyoutaku-online.moj.go.jp/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN73178249/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-27527",
        "datePublished": "2023-05-10T00:00:00.000Z",
        "dateReserved": "2023-03-15T00:00:00.000Z",
        "dateUpdated": "2025-01-28T14:19:39.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2233 (GCVE-0-2017-2233)

    Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN45134765/index.html third-party-advisory, x_refsource_JVN
    Impacted products
    Vendor Product Version
    The Ministry of Justice Installer of PDF Digital Signature Plugin Affected: (G2.30) and earlier, distributed till June 29, 2017
    Date Public
    2017-06-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#45134765",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN45134765/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of PDF Digital Signature Plugin",
              "vendor": "The Ministry of Justice",
              "versions": [
                {
                  "status": "affected",
                  "version": "(G2.30) and earlier, distributed till June 29, 2017"
                }
              ]
            }
          ],
          "datePublic": "2017-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#45134765",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN45134765/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of PDF Digital Signature Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(G2.30) and earlier, distributed till June 29, 2017"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Ministry of Justice"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#45134765",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN45134765/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2233",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2232 (GCVE-0-2017-2232)

    Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN23389212/index.html third-party-advisory, x_refsource_JVN
    Impacted products
    Date Public
    2017-06-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23389212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of Shinseiyo Sogo Soft",
              "vendor": "The Ministry of Justice",
              "versions": [
                {
                  "status": "affected",
                  "version": "(4.8A) and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23389212",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of Shinseiyo Sogo Soft",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(4.8A) and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Ministry of Justice"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23389212",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2232",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32639 (GCVE-0-2023-32639)

    Vulnerability from cvelistv5 – Published: 2023-07-25 03:32 – Updated: 2024-10-23 19:14
    VLAI
    Summary
    Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • XML external entities (XXE)
    Assigner
    Impacted products
    Vendor Product Version
    The Ministry of Justice Applicant Programme Affected: Ver.7.06 and earlier

    CVE-2023-27527 (GCVE-0-2023-27527)

    Vulnerability from cvelistv5 – Published: 2023-05-10 00:00 – Updated: 2025-01-28 14:19
    VLAI
    Summary
    Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper restriction of XML external entity reference (XXE)
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products

    CVE-2017-2233 (GCVE-0-2017-2233)

    Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    VLAI
    Summary
    Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN45134765/index.html third-party-advisory, x_refsource_JVN
    Impacted products
    Vendor Product Version
    The Ministry of Justice Installer of PDF Digital Signature Plugin Affected: (G2.30) and earlier, distributed till June 29, 2017
    Date Public
    2017-06-30 00:00
                                "version_value": "(G2.30) and earlier, distributed till June 29, 2017"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Ministry of Justice"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#45134765",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN45134765/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2233",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2232 (GCVE-0-2017-2232)

    Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
    Summary
    Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN23389212/index.html third-party-advisory, x_refsource_JVN
    Impacted products
    Date Public
    2017-06-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:48:04.294Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23389212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installer of Shinseiyo Sogo Soft",
              "vendor": "The Ministry of Justice",
              "versions": [
                {
                  "status": "affected",
                  "version": "(4.8A) and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T12:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23389212",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installer of Shinseiyo Sogo Soft",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "(4.8A) and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "The Ministry of Justice"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23389212",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN23389212/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2232",
        "datePublished": "2017-07-07T13:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:48:04.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-000075

    Vulnerability from jvndb - Published: 2023-07-24 15:44 - Updated: 2024-04-22 14:20
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in Applicant Programme
    Details
    Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611). Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000075.html",
      "dc:date": "2024-04-22T14:20+09:00",
      "dcterms:issued": "2023-07-24T15:44+09:00",
      "dcterms:modified": "2024-04-22T14:20+09:00",
      "description": "Applicant Programme provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nToyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000075.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:applicant_programme",
        "@product": "Applicant Programme",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000075",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN37857022/index.html",
          "@id": "JVN#37857022",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32639",
          "@id": "CVE-2023-32639",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32639",
          "@id": "CVE-2023-32639",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in Applicant Programme"
    }

    JVNDB-2023-000035

    Vulnerability from jvndb - Published: 2023-04-19 14:49 - Updated: 2024-05-29 16:58
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
    Details
    Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611). Taku Toyama of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000035.html",
      "dc:date": "2024-05-29T16:58+09:00",
      "dcterms:issued": "2023-04-19T14:49+09:00",
      "dcterms:modified": "2024-05-29T16:58+09:00",
      "description": "Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nTaku Toyama of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000035.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:shinseiyo_sogo_soft",
        "@product": "Shinseiyo Sogo Soft",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000035",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN73178249/index.html",
          "@id": "JVN#73178249",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27527",
          "@id": "CVE-2023-27527",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27527",
          "@id": "CVE-2023-27527",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft"
    }

    JVNDB-2017-000205

    Vulnerability from jvndb - Published: 2017-08-23 15:24 - Updated: 2018-02-28 14:04
    Severity
    Summary
    The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
    Details
    The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). DigiGnome and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000205.html",
      "dc:date": "2018-02-28T14:04+09:00",
      "dcterms:issued": "2017-08-23T15:24+09:00",
      "dcterms:modified": "2018-02-28T14:04+09:00",
      "description": "The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nDigiGnome and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000205.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:touki_denshi",
        "@product": "The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\"",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000205",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN30866130/index.html",
          "@id": "JVN#30866130",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10831",
          "@id": "CVE-2017-10831",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10831",
          "@id": "CVE-2017-10831",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\"] may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000152

    Vulnerability from jvndb - Published: 2017-06-30 14:19 - Updated: 2018-02-07 12:22
    Severity
    Summary
    Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
    Details
    Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications Corporation, and Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000152.html",
      "dc:date": "2018-02-07T12:22+09:00",
      "dcterms:issued": "2017-06-30T14:19+09:00",
      "dcterms:modified": "2018-02-07T12:22+09:00",
      "description": "Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications Corporation, and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000152.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:shinseiyo_sogo_soft",
        "@product": "Shinseiyo Sogo Soft",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000152",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN23389212/index.html",
          "@id": "JVN#23389212",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2232",
          "@id": "CVE-2017-2232",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2232",
          "@id": "CVE-2017-2232",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000153

    Vulnerability from jvndb - Published: 2017-06-30 14:18 - Updated: 2018-02-07 12:21
    Severity
    Summary
    Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries
    Details
    Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000153.html",
      "dc:date": "2018-02-07T12:21+09:00",
      "dcterms:issued": "2017-06-30T14:18+09:00",
      "dcterms:modified": "2018-02-07T12:21+09:00",
      "description": "Installer of PDF Digital Signature Plugin provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nYuji Tounai of NTT Communications Corporation and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000153.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:pdf_digital_signature",
        "@product": "PDF Digital Signature Plugin",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000153",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN45134765/index.html",
          "@id": "JVN#45134765",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2233",
          "@id": "CVE-2017-2233",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2233",
          "@id": "CVE-2017-2233",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of PDF Digital Signature Plugin provided by the Ministry of Justice may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000102

    Vulnerability from jvndb - Published: 2017-06-06 11:19 - Updated: 2018-01-17 13:58
    Severity
    Summary
    The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system "The CRCA user's Software"] may insecurely load Dynamic Link Libraries
    Details
    The electronic authentication system based on the commercial registration system "The CRCA user's Software" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000102.html",
      "dc:date": "2018-01-17T13:58+09:00",
      "dcterms:issued": "2017-06-06T11:19+09:00",
      "dcterms:modified": "2018-01-17T13:58+09:00",
      "description": "The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\" provided by the Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000102.html",
      "sec:cpe": {
        "#text": "cpe:/a:moj:touki_denshi",
        "@product": "The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\"",
        "@vendor": "The Ministry of Justice",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000102",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN92422409/index.html",
          "@id": "JVN#92422409",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2177",
          "@id": "CVE-2017-2177",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2177",
          "@id": "CVE-2017-2177",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of the Ministry of Justice [The electronic authentication system based on the commercial registration system \"The CRCA user\u0027s Software\"] may insecurely load Dynamic Link Libraries"
    }