Japan Vulnerability NotesJVN:86350682JVN#86350682: Multiple vulnerabilities in SHIRASAGI
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
59.2%
SHIRASAGI provided by SHIRASAGI Project contains multiple vulnerabilities listed below.
Open Redirect (CWE-601) - CVE-2022-43479
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | Base Score: 4.7 |
| CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Stored Cross-site Scripting (CWE-79) - CVE-2022-43499
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.8 |
| CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Impact
- The user may be redirected to an arbitrary website and become a victim of a phishing attack - CVE-2022-43479
- An arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege - CVE-2022-43499
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
The developer has released the versions listed below that address the vulnerabilities.
- CVE-2022-43479:SHIRASAGI v1.16.0
- CVE-2022-43499:SHIRASAGI v1.16.2
For more information, refer to the information provided by the developer.
Products Affected
CVE-2022-43479
-
SHIRASAGI v1.14.4 to v1.15.0
CVE-2022-43499 -
SHIRASAGI versions prior to v1.16.2
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.002 Low
EPSS
Percentile
59.2%