Search criteria
4 vulnerabilities found for SaAT Netizen by NetMove Corporation
CVE-2016-1203 (GCVE-0-2016-1203)
Vulnerability from cvelistv5 – Published: 2023-10-31 12:38 – Updated: 2024-09-06 20:15
VLAI?
Summary
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.
Severity ?
No CVSS data available.
CWE
- Improper file verification
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetMove Corporation | SaAT Netizen installer |
Affected:
ver.1.2.0.424 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97339542/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-1203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:14:46.335668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:15:41.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SaAT Netizen installer",
"vendor": "NetMove Corporation",
"versions": [
{
"status": "affected",
"version": "ver.1.2.0.424 and earlier"
}
]
},
{
"product": "SaAT Netizen",
"vendor": "NetMove Corporation",
"versions": [
{
"status": "affected",
"version": "ver.1.2.0.8 (Build427) and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper file verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T12:38:05.419Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97339542/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1203",
"datePublished": "2023-10-31T12:38:05.419Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-09-06T20:15:41.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1203 (GCVE-0-2016-1203)
Vulnerability from nvd – Published: 2023-10-31 12:38 – Updated: 2024-09-06 20:15
VLAI?
Summary
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.
Severity ?
No CVSS data available.
CWE
- Improper file verification
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| NetMove Corporation | SaAT Netizen installer |
Affected:
ver.1.2.0.424 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU97339542/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-1203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:14:46.335668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:15:41.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SaAT Netizen installer",
"vendor": "NetMove Corporation",
"versions": [
{
"status": "affected",
"version": "ver.1.2.0.424 and earlier"
}
]
},
{
"product": "SaAT Netizen",
"vendor": "NetMove Corporation",
"versions": [
{
"status": "affected",
"version": "ver.1.2.0.8 (Build427) and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper file verification",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T12:38:05.419Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://web-support.saat.jp/hc/ja/articles/4406222933785"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97339542/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1203",
"datePublished": "2023-10-31T12:38:05.419Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-09-06T20:15:41.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2017-000109
Vulnerability from jvndb - Published: 2017-06-02 14:00 - Updated:2018-01-17 12:29
Severity ?
Summary
Installer of SaAT Netizen may insecurely load Dynamic Link Libraries
Details
The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
DigiGnome reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
"dc:date": "2018-01-17T12:29+09:00",
"dcterms:issued": "2017-06-02T14:00+09:00",
"dcterms:modified": "2018-01-17T12:29+09:00",
"description": "The installer of SaAT Netizen provided by NetMove Corporation contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000109.html",
"sec:cpe": {
"#text": "cpe:/a:saat:netizen",
"@product": "SaAT Netizen",
"@vendor": "NetMove Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000109",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN91170929/index.html",
"@id": "JVN#91170929",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2206",
"@id": "CVE-2017-2206",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2206",
"@id": "CVE-2017-2206",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of SaAT Netizen may insecurely load Dynamic Link Libraries"
}
JVNDB-2016-002299
Vulnerability from jvndb - Published: 2016-12-05 13:52 - Updated:2024-06-27 13:59
Severity ?
Summary
SaAT Netizen fails to properly verify downloaded installation and update files
Details
SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.
The SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.
PinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
"dc:date": "2024-06-27T13:59+09:00",
"dcterms:issued": "2016-12-05T13:52+09:00",
"dcterms:modified": "2024-06-27T13:59+09:00",
"description": "SaAT Netizen contains a vulnerability where files downloaded for installation or an update are not properly verified.\r\n\r\nThe SaAT Netizen installer and SaAT Netizen contain a vulnerability where downloaded files are not properly verified during the installation or update process.\r\n\r\nPinkFlyingWhale BlackWingCat reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-002299.html",
"sec:cpe": [
{
"#text": "cpe:/a:saat:netizen",
"@product": "SaAT Netizen",
"@vendor": "NetMove Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:saat:netizen_installer",
"@product": "SaAT Netizen installer",
"@vendor": "NetMove Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-002299",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU97339542/index.html",
"@id": "JVNVU#97339542",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1203",
"@id": "CVE-2016-1203",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1203",
"@id": "CVE-2016-1203",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "SaAT Netizen fails to properly verify downloaded installation and update files"
}