All the vulnerabilites related to NetMove Corporation - SaAT Netizen
jvndb-2016-002299
Vulnerability from jvndb
Published
2016-12-05 13:52
Modified
2024-06-27 13:59
Severity ?
Summary
SaAT Netizen fails to properly verify downloaded installation and update files
Details
SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified. The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process. PinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
  "dc:date": "2024-06-27T13:59+09:00",
  "dcterms:issued": "2016-12-05T13:52+09:00",
  "dcterms:modified": "2024-06-27T13:59+09:00",
  "description": "SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.\r\n\r\nThe SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.\r\n\r\nPinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:saat:netizen",
      "@product": "SaAT Netizen",
      "@vendor": "NetMove Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:saat:netizen_installer",
      "@product": "SaAT Netizen installer",
      "@vendor": "NetMove Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.6",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-002299",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU97339542/index.html",
      "@id": "JVNVU#97339542",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1203",
      "@id": "CVE-2016-1203",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1203",
      "@id": "CVE-2016-1203",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "SaAT Netizen fails to properly verify downloaded installation and update files"
}

jvndb-2017-000109
Vulnerability from jvndb
Published
2017-06-02 14:00
Modified
2018-01-17 12:29
Severity ?
Summary
Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
Details
The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
  "dc:date": "2018-01-17T12:29+09:00",
  "dcterms:issued": "2017-06-02T14:00+09:00",
  "dcterms:modified": "2018-01-17T12:29+09:00",
  "description": "The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
  "sec:cpe": {
    "#text": "cpe:/a:saat:netizen",
    "@product": "SaAT Netizen",
    "@vendor": "NetMove Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000109",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN91170929/index.html",
      "@id": "JVN#91170929",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2206",
      "@id": "CVE-2017-2206",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2206",
      "@id": "CVE-2017-2206",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installer of SaAT Netizen may insecurely load Dynamic Link Libraries"
}

cve-2016-1203
Vulnerability from cvelistv5
Published
2023-10-31 12:38
Modified
2024-09-06 20:15
Severity ?
Summary
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.554Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU97339542/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-1203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T20:14:46.335668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T20:15:41.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SaAT Netizen installer",
          "vendor": "NetMove Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ver.1.2.0.424 and earlier"
            }
          ]
        },
        {
          "product": "SaAT Netizen",
          "vendor": "NetMove Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "ver.1.2.0.8 (Build427) and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper file verification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-31T12:38:05.419Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU97339542/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-1203",
    "datePublished": "2023-10-31T12:38:05.419Z",
    "dateReserved": "2015-12-26T00:00:00.000Z",
    "dateUpdated": "2024-09-06T20:15:41.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}