Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 12:0 a.m.76 views

JVN#71263107: Multiple vulnerabilities in Cisco Small Business Series Wireless Access Points

Cisco Small Business Series Wireless Access Points provided by Cisco Systems, Inc. contain multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-1400 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

9CVSS8.6AI score0.02034EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/14 12:0 a.m.80 views

JVN#49704918: mod_auth_openidc vulnerable to denial-of-service (DoS)

modauthopenidc provided by ZmartZone is an OpenID Connect's Relying Party module for Apache HTTP Server. This module contains a denial-of-service DoS vulnerability CWE-400. Impact A remote attacker may cause a denial-of-service DoS condition. Solution Update the software Update to the latest...

7.5CVSS7.3AI score0.03395EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 7:5 a.m.4 views

Multiple vulnerabilities in KonaWiki2

Overview KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Unrestricted upload of file with dangerous type CWE-434 - CVE-2021-20721 apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

9.8CVSS7.5AI score0.01522EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 7:5 a.m.3 views

RFNTPS vulnerable to OS command injection

Overview RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Tomoomi Iwata of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

8.8CVSS7.5AI score0.0044EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 12:0 a.m.159 views

JVN#13076220: RFNTPS vulnerable to OS command injection

RFNTPS provided by NIPPON ANTENNA Co.,Ltd. is a terrestrial reception type NTP server. RFNTPS contains an OS command injection vulnerability CWE-78. Impact A user on the same LAN who can access the product may execute an arbitrary OS command with root privilege. Solution Update the Firmware Updat...

7.7CVSS6.8AI score0.0044EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/13 12:0 a.m.174 views

JVN#34232719: Multiple vulnerabilities in KonaWiki2

KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below. SQL Injection CWE-89 - CVE-2021-20720 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L| Base Score: 7.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5 Unrestricted upload...

9.8CVSS9.9AI score0.01522EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/10 9:8 a.m.5 views

EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild...

7.1CVSS6AI score0.02308EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/10 12:0 a.m.66 views

JVN#97554111: EC-CUBE vulnerable to cross-site scripting

EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploting this vulnerability has been observed in the wild. Impact If a...

6.1CVSS6AI score0.02308EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/28 7:15 a.m.2 views

Multiple Buffalo network devices contain hidden functionality

Overview Multiple network devices provided by BUFFALO INC. contain hidden functionality CWE-912 that allows an attacker to enable the debug option. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact A network-adjacent attacker...

10CVSS7.4AI score0.03179EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/28 7:14 a.m.3 views

Multiple vulnerabilities in Buffalo broadband routers

Overview Multiple broadband routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Disclosure of sensitive information to an unauthorized user CWE-200 - CVE-2021-3511 Improper access control CWE-284 - CVE-2021-3512 Chuya Hayakawa of 00One, Inc. reported this vulnerability...

8.8CVSS7.7AI score0.00857EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 8:12 a.m.4 views

WordPress plugin "WP Fastest Cache" vulnerable to directory traversal

Overview WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the developer and coordinated on his own. After coordination was completed, this case was report...

6.5CVSS6.6AI score0.02625EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 8:10 a.m.1 views

Hot Pepper Gourmet App fails to restrict access permissions

Overview Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execut...

4.3CVSS6.9AI score0.00869EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.58 views

JVN#97434260: Hot Pepper Gourmet App fails to restrict access permissions

Hot Pepper Gourmet App provided by Recruit Co., Ltd. implements the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute access...

4.3CVSS4.7AI score0.00869EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/27 12:0 a.m.70 views

JVN#35240327: WordPress plugin "WP Fastest Cache" vulnerable to directory traversal

WordPress plugin "WP Fastest Cache" provided by Emre Vona contains a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be deleted by a user with an administrative privilege. Solution Update the plugin Update the plugin according to the information provided by the...

6.5CVSS6.3AI score0.02625EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/22 7:33 a.m.3 views

yappa-ng vulnerable to cross-site scripting

Overview yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During...

6.1CVSS6.3AI score0.03722EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/22 12:0 a.m.56 views

JVN#55833077: yappa-ng vulnerable to cross-site scripting

yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An...

4.3CVSS6.2AI score0.03722EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/20 3:25 a.m.6 views

Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact...

7.8CVSS6.8AI score0.00469EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/14 8:22 a.m.2 views

Gurunavi Apps fail to restrict access permissions

Overview Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access...

7.5CVSS6.9AI score0.01148EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/14 12:0 a.m.66 views

JVN#54025691: Gurunavi Apps fail to restrict access permissions

Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Impact A...

7.5CVSS7.4AI score0.01148EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/13 7:46 a.m.2 views

Information Disclosure Vulnerability in Cosminexus

Overview An Information Disclosure Vulnerability was found in Cosminexus. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.4AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/13 7:42 a.m.1 views

Vulnerability in JP1/VERITAS

Overview A vulnerability exists in JP1/VERITAS. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

6.8AI score
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/12 6:32 a.m.5 views

D-Link DAP-1880AC contains multiple vulnerabilities

Overview DAP-1880AC provided by D-Link Japan K.K. contains multiple vulnerabilities listed below. Improper access control CWE-284 - CVE-2021-20694 Improper privilege management CWE-269 - CVE-2021-20695 OS command injection CWE-78 - CVE-2021-20696 Missing authentication for critical function CWE-3...

9.8CVSS8.1AI score0.02399EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 8:16 a.m.3 views

Multiple vulnerabilities in multiple Aterm products

Overview Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 OS command injection via UPnP CWE-78 - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this...

10CVSS7.6AI score0.99975EPSS
Exploits6References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 7:42 a.m.3 views

Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP

Overview Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Improper Validation of Integrity Check Value CWE-3...

10CVSS7.2AI score0.01359EPSS
Exploits0References16
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 12:0 a.m.108 views

JVN#29739718: Multiple vulnerabilities in Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP

Aterm WF1200CR, Aterm WG1200CR, Aterm WG2600HS, and Aterm WX3000HP provided by NEC Corporation contain multiple vulnerabilities listed below. Aterm WF1200CR, Aterm WG1200CR, and Aterm WG2600HS OS Command Injection CWE-78 - CVE-2021-20708 Version| Vector| Score ---|---|--- CVSS v3|...

10CVSS7.2AI score0.01359EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/09 12:0 a.m.110 views

JVN#67456944: Multiple vulnerabilities in multiple Aterm products

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2021-20680 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score...

10CVSS9AI score0.99975EPSS
Exploits6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/01 5:44 a.m.0 views

Archive collectively operation utility vulnerable to directory traversal

Overview Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. apple502j reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

7.1CVSS6.7AI score0.01001EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/01 12:0 a.m.51 views

JVN#73236007: Archive collectively operation utility vulnerable to directory traversal

Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...

7.1CVSS6.9AI score0.01001EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/26 5:25 a.m.2 views

Multiple vulnerabilities in baserCMS

Overview baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 OS command injection CWE-78 - CVE-2021-20682 Improper Neutralization of JavaScript input in the...

9CVSS7.5AI score0.02475EPSS
Exploits0References10
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/26 12:0 a.m.69 views

JVN#64869876: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

9CVSS6.6AI score0.02475EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 9:14 a.m.1 views

rNote vulnerable to cross-site scripting

Overview rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an advisory for this...

6.1CVSS6.1AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 9:12 a.m.3 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During the meeting of Committee for authorizing the disclosure of unresolv...

6.1CVSS6.2AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 9:6 a.m.4 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 9:1 a.m.3 views

Yomi-Search vulnerable to cross-site scripting

Overview Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 22, 2021, it was judged that an...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:52 a.m.2 views

Click Ranker vulnerable to cross-site scripting

Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:50 a.m.2 views

Kagemai vulnerable to cross-site request forgery

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privileg...

8.8CVSS6.5AI score0.00558EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:46 a.m.3 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...

6.1CVSS5.9AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:43 a.m.3 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

6.1CVSS6AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:32 a.m.3 views

MagazinegerZ vulnerable to cross-site scripting

Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...

6.1CVSS6.3AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.39 views

JVN#68244135: rNote vulnerable to cross-site scripting

rNote provided by Woody Rinn is software to create a blog. rNote contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing an website that uses rNote. Solution Consider stop using rNote 0.9.7.5 Since the...

6.6AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.219 views

JVN#83042295: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.222 views

JVN#37179202: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Yomi-Search. Solution Consider stop using...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.180 views

JVN#94705238: Yomi-Search vulnerable to cross-site scripting

Yomi-Search provided by WonderLink is a directory type search engine program. Yomi-Search contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. Impact An arbitrary script may be executed on the web browser of the user who is...

6.1CVSS6.2AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.56 views

JVN#93207949: Click Ranker vulnerable to cross-site scripting

Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. Impact An arbitrary script may be executed on the web browser of the user who is accessing a website that uses Click...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.53 views

JVN#12559271: Kagemai vulnerable to cross-site scripting

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Consider sto...

6.1CVSS6AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.54 views

JVN#11438679: Kagemai vulnerable to cross-site request forgery

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site request forgery vulnerability CWE-352 which allows unintended operations if a user with an administrative privilege views a...

8.8CVSS8.7AI score0.00558EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.54 views

JVN#42220311: Kagemai vulnerable to cross-site scripting

Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user who can...

6.1CVSS6AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 12:0 a.m.55 views

JVN#97370614: MagazinegerZ vulnerable to cross-site scripting

MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the administrative...

6.1CVSS6.1AI score0.00756EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/22 5:57 a.m.3 views

UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Overview Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. NEC Platforms, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinate...

3.5CVSS6.8AI score0.00919EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/22 12:0 a.m.78 views

JVN#12737530: UNIVERGE Aspire series PBX vulnerable to denial-of-service (DoS)

Remote system maintenance feature of UNIVERGE Aspire series PBX contain an issue in handling commands, which may cause a denial-of-service DoS. Impact An attacker may cause system down and reboot of the products by sending a specially crafted command. Solution Update the Software Update to the...

3.5CVSS4AI score0.00919EPSS
Exploits0
Total number of security vulnerabilities5625