CVE-2024-33622 (GCVE-0-2024-33622)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:44 – Updated: 2024-11-21 15:37
VLAI
EPSS
VEX
Summary
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Missing authentication for critical function
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager SaaS |
Affected:
Versions before the maintenance on June 16
Affected: 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T16:30:50.447465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:37:25.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "Versions before the maintenance on June 16"
},
{
"status": "affected",
"version": " 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:18.590Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33622",
"datePublished": "2024-06-18T05:44:18.590Z",
"dateReserved": "2024-05-22T00:24:00.288Z",
"dateUpdated": "2024-11-21T15:37:25.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-33622",
"date": "2026-07-12",
"epss": "0.00438",
"percentile": "0.35336"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-33622\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-06-18T06:15:11.163\",\"lastModified\":\"2026-06-17T07:32:06.517\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.\"},{\"lang\":\"es\",\"value\":\"Falta autenticaci\u00f3n para una vulnerabilidad de funci\u00f3n cr\u00edtica en ID Link Manager y FUJITSU Software TIME CREATOR. Si se explota esta vulnerabilidad, un atacante remoto autenticado puede obtener informaci\u00f3n confidencial y/o la informaci\u00f3n almacenada en la base de datos puede ser alterada.\"}],\"affected\":[{\"source\":\"vultures@jpcert.or.jp\",\"affectedData\":[{\"vendor\":\"Fsas Technologies Inc.\",\"product\":\"FUJITSU Business Application ID Link Manager II\",\"versions\":[{\"version\":\"V1.8 and earlier\",\"status\":\"affected\"}]},{\"vendor\":\"Fsas Technologies Inc.\",\"product\":\"FUJITSU Software ID Link Manager\",\"versions\":[{\"version\":\"V2.0\",\"status\":\"affected\"}]},{\"vendor\":\"Fsas Technologies Inc.\",\"product\":\"FUJITSU Software TIME CREATOR ID Link Manager\",\"versions\":[{\"version\":\"V2.3.0\",\"status\":\"affected\"},{\"version\":\" V2.3.1\",\"status\":\"affected\"},{\"version\":\" V2.4\",\"status\":\"affected\"},{\"version\":\" V2.5\",\"status\":\"affected\"},{\"version\":\" V2.6\",\"status\":\"affected\"},{\"version\":\" and V2.7\",\"status\":\"affected\"}]},{\"vendor\":\"Fsas Technologies Inc.\",\"product\":\"FUJITSU Software TIME CREATOR ID Link Manager\",\"versions\":[{\"version\":\"V3.0\",\"status\":\"affected\"},{\"version\":\" V3.0.2\",\"status\":\"affected\"},{\"version\":\" V3.0.2.1\",\"status\":\"affected\"},{\"version\":\" and V3.0.3\",\"status\":\"affected\"}]},{\"vendor\":\"Fsas Technologies Inc.\",\"product\":\"FUJITSU Software TIME CREATOR ID Link Manager SaaS\",\"versions\":[{\"version\":\"Versions before the maintenance on June 16\",\"status\":\"affected\"},{\"version\":\" 2024\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-01T16:30:50.447465Z\",\"id\":\"CVE-2024-33622\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN65171386/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/jp/JVN65171386/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T21:42:12+00:00",
"cve": "CVE-2024-33622",
"id": "CVE-2024-33622",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "CVE-2024-33622",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33622.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN65171386/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:36:04.055Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-33622\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-01T16:30:50.447465Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-01T16:31:01.345Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"FUJITSU Business Application ID Link Manager II\", \"versions\": [{\"status\": \"affected\", \"version\": \"V1.8 and earlier\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"FUJITSU Software ID Link Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.0\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"FUJITSU Software TIME CREATOR ID Link Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"V2.3.0\"}, {\"status\": \"affected\", \"version\": \" V2.3.1\"}, {\"status\": \"affected\", \"version\": \" V2.4\"}, {\"status\": \"affected\", \"version\": \" V2.5\"}, {\"status\": \"affected\", \"version\": \" V2.6\"}, {\"status\": \"affected\", \"version\": \" and V2.7\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"FUJITSU Software TIME CREATOR ID Link Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.0\"}, {\"status\": \"affected\", \"version\": \" V3.0.2\"}, {\"status\": \"affected\", \"version\": \" V3.0.2.1\"}, {\"status\": \"affected\", \"version\": \" and V3.0.3\"}]}, {\"vendor\": \"Fsas Technologies Inc.\", \"product\": \"FUJITSU Software TIME CREATOR ID Link Manager SaaS\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions before the maintenance on June 16\"}, {\"status\": \"affected\", \"version\": \" 2024\"}]}], \"references\": [{\"url\": \"https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html\"}, {\"url\": \"https://jvn.jp/en/jp/JVN65171386/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Missing authentication for critical function\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-06-18T05:44:18.590Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-33622\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-21T15:37:25.545Z\", \"dateReserved\": \"2024-05-22T00:24:00.288Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-06-18T05:44:18.590Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…