CVE-2024-34024

2024-06-1805:44:59

jpcert

github.com

observable response discrepancy

id link manager

fujitsu software time creator

unauthenticated remote attacker

valid usernames

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.

CNA Affected

[
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "FUJITSU Business Application ID Link Manager II",
    "versions": [
      {
        "status": "affected",
        "version": "V1.8 and earlier"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "FUJITSU Software ID Link Manager",
    "versions": [
      {
        "status": "affected",
        "version": "V2.0"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "FUJITSU Software TIME CREATOR ID Link Manager",
    "versions": [
      {
        "status": "affected",
        "version": "V2.3.0"
      },
      {
        "status": "affected",
        "version": " V2.3.1"
      },
      {
        "status": "affected",
        "version": " V2.4"
      },
      {
        "status": "affected",
        "version": " V2.5"
      },
      {
        "status": "affected",
        "version": " V2.6"
      },
      {
        "status": "affected",
        "version": " and V2.7"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "FUJITSU Software TIME CREATOR ID Link Manager",
    "versions": [
      {
        "status": "affected",
        "version": "V3.0"
      },
      {
        "status": "affected",
        "version": " V3.0.2"
      },
      {
        "status": "affected",
        "version": " V3.0.2.1"
      },
      {
        "status": "affected",
        "version": " and V3.0.3"
      }
    ]
  },
  {
    "vendor": "Fsas Technologies Inc.",
    "product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before the maintenance on June 16"
      },
      {
        "status": "affected",
        "version": " 2024"
      }
    ]
  }
]