Search criteria
7 vulnerabilities found for Accela BizSearch by Accela Technology
JVNDB-2013-000094
Vulnerability from jvndb - Published: 2013-10-04 12:36 - Updated:2013-10-08 14:56Summary
Accela BizSearch vulnerable to cross-site scripting
Details
Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000094.html",
"dc:date": "2013-10-08T14:56+09:00",
"dcterms:issued": "2013-10-04T12:36+09:00",
"dcterms:modified": "2013-10-08T14:56+09:00",
"description": "Accela BizSearch provided by Accela Technology Corporation is an enterprise search system. Accela BizSearch contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai of bogus.jp reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000094.html",
"sec:cpe": {
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000094",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33788325/index.html",
"@id": "JVN#33788325",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4711",
"@id": "CVE-2013-4711",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4711",
"@id": "CVE-2013-4711",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Accela BizSearch vulnerable to cross-site scripting"
}
JVNDB-2013-001470
Vulnerability from jvndb - Published: 2013-02-13 16:47 - Updated:2013-02-13 16:47Summary
Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability
Details
Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, which allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions.
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001470.html",
"dc:date": "2013-02-13T16:47+09:00",
"dcterms:issued": "2013-02-13T16:47+09:00",
"dcterms:modified": "2013-02-13T16:47+09:00",
"description": "Accela BizSearch Gateway Option for TeamWARE, when the TeamWARE Gateway and Single Sign-On are enabled, which allows remote attackers to spoof user accounts of TeamWARE Office under specified conditions.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001470.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-001470",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Accela BizSearch Gateway Option for TeamWARE Spoofing Vulnerability"
}
JVNDB-2010-002807
Vulnerability from jvndb - Published: 2011-06-29 17:57 - Updated:2011-06-29 17:57Summary
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Details
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002807.html",
"dc:date": "2011-06-29T17:57+09:00",
"dcterms:issued": "2011-06-29T17:57+09:00",
"dcterms:modified": "2011-06-29T17:57+09:00",
"description": "The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002807.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-002807",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
"title": "Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability"
}
JVNDB-2010-002809
Vulnerability from jvndb - Published: 2011-06-29 17:55 - Updated:2011-06-29 17:55Summary
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Details
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002809.html",
"dc:date": "2011-06-29T17:55+09:00",
"dcterms:issued": "2011-06-29T17:55+09:00",
"dcterms:modified": "2011-06-29T17:55+09:00",
"description": "The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002809.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-002809",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
"title": "Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability"
}
JVNDB-2010-002808
Vulnerability from jvndb - Published: 2011-06-29 17:55 - Updated:2011-06-29 17:55Summary
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
Details
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002808.html",
"dc:date": "2011-06-29T17:55+09:00",
"dcterms:issued": "2011-06-29T17:55+09:00",
"dcterms:modified": "2011-06-29T17:55+09:00",
"description": "The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002808.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-002808",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
"title": "Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability"
}
JVNDB-2010-002077
Vulnerability from jvndb - Published: 2010-10-13 16:58 - Updated:2010-10-13 16:58Summary
Phishing Vulnerability in Accela BizSearch Document View Window
Details
The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to:
* display a fraudulent web page over a legitimate web page
* steal cookies stored in browser
* place arbitrary cookies into browser
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002077.html",
"dc:date": "2010-10-13T16:58+09:00",
"dcterms:issued": "2010-10-13T16:58+09:00",
"dcterms:modified": "2010-10-13T16:58+09:00",
"description": "The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to:\r\n* display a fraudulent web page over a legitimate web page\r\n* steal cookies stored in browser\r\n* place arbitrary cookies into browser",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-002077.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:intelligentsearch",
"@product": "IntelligentSearch",
"@vendor": "FUJITSU",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-002077",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Phishing Vulnerability in Accela BizSearch Document View Window"
}
JVNDB-2010-001204
Vulnerability from jvndb - Published: 2010-04-09 16:36 - Updated:2010-04-09 16:36Summary
Accela BizSearch Access Control Bypass Vulnerability
Details
The local file seraching function in IntelligentSearch and Accela
BizSearch is prone to an access control bypass vulnerability.
References
| Type | URL | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001204.html",
"dc:date": "2010-04-09T16:36+09:00",
"dcterms:issued": "2010-04-09T16:36+09:00",
"dcterms:modified": "2010-04-09T16:36+09:00",
"description": "The local file seraching function in IntelligentSearch and Accela\r\nBizSearch is prone to an access control bypass vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001204.html",
"sec:cpe": [
{
"#text": "cpe:/a:accelatech:accelatech_eaccela_bizsearch",
"@product": "eAccela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:accelatech:bizsearch",
"@product": "Accela BizSearch",
"@vendor": "Accela Technology",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:intelligentsearch",
"@product": "IntelligentSearch",
"@vendor": "FUJITSU",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-001204",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
"title": "Accela BizSearch Access Control Bypass Vulnerability"
}