ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below.
Path Traversal (CWE-36) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Base Score 8.6 CVE-2024-33620Missing Authentication (CWE-306)CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score 5.4 CVE-2024-33622Information disclosure (CWE-204) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3 CVE-2024-34024
Apply the Patch
For ID Link Manager and FUJITSU Software TIME CREATOR, apply the patches according to the information provided by the developer.
The issues in FUJITSU Software TIME CREATOR ID Link Manager SaaS are fixed with the update on June 16, 2024.
CVE-2024-33620
FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3
CVE-2024-33622, CVE-2024-34024
FUJITSU Business Application ID Link Manager II V1.8 and earlier
FUJITSU Software ID Link Manager V2.0
FUJITSU Software TIME CREATOR ID Link Manager V2.3.0, V2.3.1, V2.4, V2.5, V2.6, V2.7
FUJITSU Software TIME CREATOR ID Link Manager V3.0, V3.0.2, V3.0.2.1, V3.0.3
FUJITSU Software TIME CREATOR ID Link Manager SaaS (Versions before the maintenance on June 16, 2024)