13 matches found
CVE-2023-22336
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilitie...
CVE-2023-22335
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with...
CVE-2023-22336
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilitie...
CVE-2023-22344
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336...
Improper access control
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with...
Hardcoded credentials
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336...
Path traversal
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilitie...
CVE-2023-22336
Technical details about CVE-2023-22336 are not publicly available in the provided connected documents. Monitor for updates; no concrete product/version/impact information is provided here.
CVE-2023-22336
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilitie...
CVE-2023-22335
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with...
CVE-2023-22344
CVE-2023-22344 concerns hard-coded credentials in SS1 v13.0.0.40 and earlier and Rakuraku PC Cloud Agent v2.1.8 and earlier, enabling a remote attacker to obtain the debug password and execute it. The vulnerability is described in Red Hat and NVD sources as enabling a remote code execution with S...
CVE-2023-22335
CVE-2023-22335 affects SS1 v13.0.0.40 and earlier and Rakuraku PC Cloud Agent v2.1.8 and earlier. It is an improper access control vulnerability that lets a remote attacker bypass restrictions and download an arbitrary file from the product directory. The issue is contextually chained with CVE-20...
JVN#57224029: Multiple vulnerabilities in SS1 and Rakuraku PC Cloud
SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2023-22335 Version| Vector| Score ---|---|--- CVSS v3|...