All the vulnerabilites related to The Ministry of Justice - Shinseiyo Sogo Soft
jvndb-2017-000152
Vulnerability from jvndb
Published
2017-06-30 14:19
Modified
2018-02-07 12:22
Severity ?
Summary
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries
Details
Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications Corporation, and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The Ministry of Justice | Shinseiyo Sogo Soft |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000152.html",
"dc:date": "2018-02-07T12:22+09:00",
"dcterms:issued": "2017-06-30T14:19+09:00",
"dcterms:modified": "2018-02-07T12:22+09:00",
"description": "Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions, Inc., Yuji Tounai of NTT Communications Corporation, and Eili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000152.html",
"sec:cpe": {
"#text": "cpe:/a:moj:shinseiyo_sogo_soft",
"@product": "Shinseiyo Sogo Soft",
"@vendor": "The Ministry of Justice",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000152",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23389212/index.html",
"@id": "JVN#23389212",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2232",
"@id": "CVE-2017-2232",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2232",
"@id": "CVE-2017-2232",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Shinseiyou Sougou Soft provided by The Ministry of Justice may insecurely load Dynamic Link Libraries"
}
jvndb-2023-000035
Vulnerability from jvndb
Published
2023-04-19 14:49
Modified
2024-05-29 16:58
Severity ?
Summary
Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft
Details
Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611).
Taku Toyama of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The Ministry of Justice | Shinseiyo Sogo Soft |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000035.html",
"dc:date": "2024-05-29T16:58+09:00",
"dcterms:issued": "2023-04-19T14:49+09:00",
"dcterms:modified": "2024-05-29T16:58+09:00",
"description": "Shinseiyo Sogo Soft provided by The Ministry of Justice improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nTaku Toyama of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000035.html",
"sec:cpe": {
"#text": "cpe:/a:moj:shinseiyo_sogo_soft",
"@product": "Shinseiyo Sogo Soft",
"@vendor": "The Ministry of Justice",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "1.2",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000035",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN73178249/index.html",
"@id": "JVN#73178249",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27527",
"@id": "CVE-2023-27527",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27527",
"@id": "CVE-2023-27527",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft"
}
cve-2023-27527
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| The Ministry of Justice | Shinseiyo Sogo Soft |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.touki-kyoutaku-online.moj.go.jp/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73178249/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shinseiyo Sogo Soft",
"vendor": "The Ministry of Justice",
"versions": [
{
"status": "affected",
"version": "(7.9A) and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of XML external entity reference (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.touki-kyoutaku-online.moj.go.jp/"
},
{
"url": "https://jvn.jp/en/jp/JVN73178249/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27527",
"datePublished": "2023-05-10T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T12:16:35.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}