All the vulnerabilites related to FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.) - (multiple product)
jvndb-2021-000026
Vulnerability from jvndb
Published
2021-03-19 15:32
Modified
2021-04-12 13:30
Severity ?
Summary
Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
Details
Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.
Masahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
"dc:date": "2021-04-12T13:30+09:00",
"dcterms:issued": "2021-03-19T15:32+09:00",
"dcterms:modified": "2021-04-12T13:30+09:00",
"description": "Multifunction devices and printers provided by Fuji Xerox Co.,Ltd. contain a denial-of-service (DoS) vulnerability.\r\n\r\nMasahiro Kawada of Ierae Security Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000026.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000026",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN37607293/index.html",
"@id": "JVN#37607293",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20679",
"@id": "CVE-2021-20679",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20679",
"@id": "CVE-2021-20679",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)"
}
jvndb-2024-000027
Vulnerability from jvndb
Published
2024-03-06 18:24
Modified
2024-03-06 18:24
Severity ?
Summary
FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery
Details
Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).
Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN34328023/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-27974 | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
"dc:date": "2024-03-06T18:24+09:00",
"dcterms:issued": "2024-03-06T18:24+09:00",
"dcterms:modified": "2024-03-06T18:24+09:00",
"description": "Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nJunnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000027.html",
"sec:cpe": {
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000027",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN34328023/index.html",
"@id": "JVN#34328023",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27974",
"@id": "CVE-2024-27974",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery"
}
jvndb-2023-004919
Vulnerability from jvndb
Published
2023-11-02 17:21
Modified
2024-05-07 15:25
Severity ?
Summary
FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength
Details
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).
Kunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.
FUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU96482726/ | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-46327 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-46327 | |
| Use of Weak Credentials(CWE-1391) | https://cwe.mitre.org/data/definitions/1391.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"dc:date": "2024-05-07T15:25+09:00",
"dcterms:issued": "2023-11-02T17:21+09:00",
"dcterms:modified": "2024-05-07T15:25+09:00",
"description": "Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient (CWE-1391).\r\n\r\nKunal Thakrar and Ceri Coburn of Pen Test Partners directly reported this vulnerability to FUJIFILM Business Innovation Corp.\r\nFUJIFILM Business Innovation Corp. reported this case to JPCERT/CC to request the coordination with the reporter.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-004919.html",
"sec:cpe": [
{
"#text": "cpe:/a:fuji_xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "FUJIFILM Business Innovation Corp. (former Fuji Xerox Co., Ltd.)",
"@version": "2.2"
},
{
"#text": "cpe:/a:xerox:multiple_product",
"@product": "(multiple product)",
"@vendor": "Xerox",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-004919",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU96482726/",
"@id": "JVNVU#96482726",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46327",
"@id": "CVE-2023-46327",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1391.html",
"@id": "CWE-1391",
"@title": "Use of Weak Credentials(CWE-1391)"
}
],
"title": "FUJIFILM Business Innovation Corp. and Xerox Corporation MFPs export Address Books with insufficient encryption strength"
}