Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
Improper restriction of communication channel to intended endpoints (CWE-923) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004Use of hard-coded credentials (CWE-798)CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.1 CVE-2024-36480 ricoh-2024-000005Use of potentially dangerous function (CWE-676)CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 4.0 CVE-2024-37124 ricoh-2024-000006Use of potentially dangerous function (CWE-676) CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 4.0 CVE-2024-37387 ricoh-2024-000007
Update the Software
Update the software to the latest version by using the appropriate installer for the fixed version according to the information provided by the developer.
For more information, refer to the information provided by the developer.
CVE-2024-36252
Ricoh Streamline NX PC Client ver.3.6.x and earlier
CVE-2024-36480
Ricoh Streamline NX PC Client ver.3.7.2 and earlier
CVE-2024-37124, CVE-2024-37387
Ricoh Streamline NX PC Client ver.3.2.1.19, ver.3.3.1.3, ver.3.3.2.201, ver.3.4.3.1, ver.3.5.1.201 (ver.3.5.1.200op1), ver.3.6.100.53, and ver.3.6.2.1