JVNDB-2024-000057
Vulnerability from jvndb - Published: 2024-06-03 15:32 - Updated: 2024-06-03 15:32
Summary
Multiple vulnerabilities in UNIVERSAL PASSPORT RX
Details
UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.
- Cross-site scripting (CWE-79) - CVE-2023-42427
- Dependency on vulnerable third-party component (CWE-1395)
  Known vulnerability in Primefaces library used in the product
- Cross-site scripting (CWE-79) - CVE-2023-51436
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
"dc:date": "2024-06-03T15:32+09:00",
"dcterms:issued": "2024-06-03T15:32+09:00",
"dcterms:modified": "2024-06-03T15:32+09:00",
"description": "UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-42427\u003c/li\u003e\r\n\u003cli\u003eDependency on vulnerable third-party component (CWE-1395)\u003cbr /\u003e\r\nKnown vulnerability in Primefaces library used in the product\u003c/li\u003e\r\n\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-51436\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2023-42427\r\nJapan System Techniques Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Japan System Techniques Co., Ltd. coordinated under the Information Security Early Warning Partnership.\r\n\r\nKnown vulnerability in Primefaces library\r\nMorita Keiichi and Watanabe Kosuke of Tokyo Denki University reported to Japan System Techniques Co., Ltd. that this vulnerability still exists in the product and coordinated. Japan System Techniques Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.\r\n\r\nCVE-2023-51436\r\nMATSUMOTO Yuuki of Tokyo University of Information Sciences reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
"@product": "UNIVERSAL PASSPORT RX",
"@vendor": "Japan System Techniques Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
"@product": "UNIVERSAL PASSPORT RX",
"@vendor": "Japan System Techniques Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000057",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43215077/index.html",
"@id": "JVN#43215077",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-42427",
"@id": "CVE-2023-42427",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-51436",
"@id": "CVE-2023-51436",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in UNIVERSAL PASSPORT RX"
}