All the vulnerabilites related to NEC Corporation - EXPRESSCLUSTER X
jvndb-2021-000097
Vulnerability from jvndb
Published
2021-10-29 15:22
Modified
2022-04-20 14:03
Severity ?
Summary
Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X
Details
CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below.
* Buffer overflow in the Disk Agent (CWE-119) - CVE-2021-20700, CVE-2021-20701
* Buffer overflow in the Transaction Server (CWE-119) - CVE-2021-20702, CVE-2021-20703
* Buffer overflow in the compatible API with previous versions (Ver 8.0 and earlier) (CWE-119) - CVE-2021-20704
* Remote file upload in the WebManager (CWE-20) - CVE-2021-20705, CVE-2021-20706
* Read files in the Transaction Server (CWE-20) - CVE-2021-20707
NEC Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | EXPRESSCLUSTER X |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000097.html",
"dc:date": "2022-04-20T14:03+09:00",
"dcterms:issued": "2021-10-29T15:22+09:00",
"dcterms:modified": "2022-04-20T14:03+09:00",
"description": "CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain multiple vulnerabilities listed below. \r\n\r\n* Buffer overflow in the Disk Agent (CWE-119) - CVE-2021-20700, CVE-2021-20701\r\n* Buffer overflow in the Transaction Server (CWE-119) - CVE-2021-20702, CVE-2021-20703\r\n* Buffer overflow in the compatible API with previous versions (Ver 8.0 and earlier) (CWE-119) - CVE-2021-20704\r\n* Remote file upload in the WebManager (CWE-20) - CVE-2021-20705, CVE-2021-20706\r\n* Read files in the Transaction Server (CWE-20) - CVE-2021-20707\r\n\r\nNEC Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000097.html",
"sec:cpe": {
"#text": "cpe:/a:nec:expresscluster_x",
"@product": "EXPRESSCLUSTER X",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000097",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN69304877/index.html",
"@id": "JVN#69304877",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20700",
"@id": "CVE-2021-20700",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20701",
"@id": "CVE-2021-20701",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20702",
"@id": "CVE-2021-20702",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20703",
"@id": "CVE-2021-20703",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20704",
"@id": "CVE-2021-20704",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20705",
"@id": "CVE-2021-20705",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20706",
"@id": "CVE-2021-20706",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20707",
"@id": "CVE-2021-20707",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20700",
"@id": "CVE-2021-20700",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20701",
"@id": "CVE-2021-20701",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20702",
"@id": "CVE-2021-20702",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20703",
"@id": "CVE-2021-20703",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20704",
"@id": "CVE-2021-20704",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20705",
"@id": "CVE-2021-20705",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20706",
"@id": "CVE-2021-20706",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20707",
"@id": "CVE-2021-20707",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Multiple vulnerabilities in CLUSTERPRO X and EXPRESSCLUSTER X"
}
jvndb-2020-000059
Vulnerability from jvndb
Published
2020-08-31 15:10
Modified
2020-08-31 15:10
Severity ?
Summary
CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)
Details
CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection (XXE) vulnerability (CWE-611).
NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | EXPRESSCLUSTER X |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000059.html",
"dc:date": "2020-08-31T15:10+09:00",
"dcterms:issued": "2020-08-31T15:10+09:00",
"dcterms:modified": "2020-08-31T15:10+09:00",
"description": "CLUSTERPRO X and EXPRESSCLUSTER X provided by NEC Corporation contain an XML external entity injection (XXE) vulnerability (CWE-611).\r\n\r\nNEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000059.html",
"sec:cpe": {
"#text": "cpe:/a:nec:expresscluster_x",
"@product": "EXPRESSCLUSTER X",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000059",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06446084/index.html",
"@id": "JVN#06446084",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17408",
"@id": "CVE-2020-17408",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-17408",
"@id": "CVE-2020-17408",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "CLUSTERPRO X and EXPRESSCLUSTER X vulnerable to XML external entity injection (XXE)"
}
jvndb-2023-007152
Vulnerability from jvndb
Published
2023-11-20 14:09
Modified
2024-05-01 18:10
Severity ?
Summary
Multiple vulnerabilities in EXPRESSCLUSTER X
Details
WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below.
* Missing authorization (CWE-862) - CVE-2023-39544
* Files or directories accessible to external parties (CWE-552) - CVE-2023-39545
* Use of password hash instead of password for authentication (CWE-836) - CVE-2023-39546
* Authentication bypass by Capture-replay (CWE-294) - CVE-2023-39547
* Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-39548
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-007152.html",
"dc:date": "2024-05-01T18:10+09:00",
"dcterms:issued": "2023-11-20T14:09+09:00",
"dcterms:modified": "2024-05-01T18:10+09:00",
"description": "WebManager/Cluster WebUI of EXPRESSCLUSTER X provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n * Missing authorization (CWE-862) - CVE-2023-39544\r\n * Files or directories accessible to external parties (CWE-552) - CVE-2023-39545\r\n * Use of password hash instead of password for authentication (CWE-836) - CVE-2023-39546\r\n * Authentication bypass by Capture-replay (CWE-294) - CVE-2023-39547\r\n * Unrestricted upload of file with dangerous type (CWE-434) - CVE-2023-39548",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-007152.html",
"sec:cpe": [
{
"#text": "cpe:/a:nec:expresscluster_x",
"@product": "EXPRESSCLUSTER X",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:expresscluster_x_singleserversafe",
"@product": "EXPRESSCLUSTER SingleServerSafe",
"@vendor": "NEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-007152",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU98954968/index.html",
"@id": "JVNVU#98954968",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39544",
"@id": "CVE-2023-39544",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39545",
"@id": "CVE-2023-39545",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39546",
"@id": "CVE-2023-39546",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39547",
"@id": "CVE-2023-39547",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39548",
"@id": "CVE-2023-39548",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39544",
"@id": "CVE-2023-39544",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39545",
"@id": "CVE-2023-39545",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39546",
"@id": "CVE-2023-39546",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39547",
"@id": "CVE-2023-39547",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39548",
"@id": "CVE-2023-39548",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/294.html",
"@id": "CWE-294",
"@title": "Authentication Bypass by Capture-replay(CWE-294)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/434.html",
"@id": "CWE-434",
"@title": "Unrestricted Upload of File with Dangerous Type(CWE-434)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/552.html",
"@id": "CWE-552",
"@title": "Files or Directories Accessible to External Parties(CWE-552)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/836.html",
"@id": "CWE-836",
"@title": "Use of Password Hash Instead of Password for Authentication(CWE-836)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/862.html",
"@id": "CWE-862",
"@title": "Missing Authorization(CWE-862)"
}
],
"title": "Multiple vulnerabilities in EXPRESSCLUSTER X"
}
jvndb-2016-000015
Vulnerability from jvndb
Published
2016-01-29 13:45
Modified
2016-03-16 14:24
Severity ?
Summary
EXPRESSCLUSTER X vulnerable to directory traversal
Details
EXPRESSCLUSTER X from NEC Corporation is software to provide high availability (HA) clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal.
Yusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| NEC Corporation | EXPRESSCLUSTER X |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000015.html",
"dc:date": "2016-03-16T14:24+09:00",
"dcterms:issued": "2016-01-29T13:45+09:00",
"dcterms:modified": "2016-03-16T14:24+09:00",
"description": "EXPRESSCLUSTER X from NEC Corporation is software to provide high availability (HA) clustering. EXPRESSCLUSTER X contains an issue in WebManager, which may lead to directory traversal.\r\n\r\nYusuke SAKAI of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000015.html",
"sec:cpe": {
"#text": "cpe:/a:nec:expresscluster_x",
"@product": "EXPRESSCLUSTER X",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000015",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN03050861/index.html",
"@id": "JVN#03050861",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1145",
"@id": "CVE-2016-1145",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1145",
"@id": "CVE-2016-1145",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "EXPRESSCLUSTER X vulnerable to directory traversal"
}