Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
27 vulnerabilities by Fsas Technologies Inc.
CVE-2026-32325 (GCVE-0-2026-32325)
Vulnerability from nvd – Published: 2026-06-01 07:17 – Updated: 2026-06-01 13:11
VLAI
Summary
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-268 - Privilege chaining
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.60.04 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:11:06.505496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:11:20.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.60.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:17:31.045Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0529.html"
},
{
"url": "https://jvn.jp/en/jp/JVN67883085/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32325",
"datePublished": "2026-06-01T07:17:31.045Z",
"dateReserved": "2026-05-14T05:26:45.359Z",
"dateUpdated": "2026-06-01T13:11:20.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27788 (GCVE-0-2026-27788)
Vulnerability from nvd – Published: 2026-06-01 07:17 – Updated: 2026-06-01 13:11
VLAI
Summary
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.60.04 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:11:40.244948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:11:53.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.60.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:17:25.238Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0529.html"
},
{
"url": "https://jvn.jp/en/jp/JVN67883085/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-27788",
"datePublished": "2026-06-01T07:17:25.238Z",
"dateReserved": "2026-05-14T05:26:40.582Z",
"dateUpdated": "2026-06-01T13:11:53.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24016 (GCVE-0-2026-24016)
Vulnerability from nvd – Published: 2026-01-21 07:19 – Updated: 2026-02-24 14:51
VLAI
Summary
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.50.06 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T14:28:05.334267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:28:14.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-24T14:51:46.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.50.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T07:19:03.236Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65211823/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-24016",
"datePublished": "2026-01-21T07:19:03.236Z",
"dateReserved": "2026-01-20T05:13:56.618Z",
"dateUpdated": "2026-02-24T14:51:46.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62577 (GCVE-0-2025-62577)
Vulnerability from nvd – Published: 2025-10-20 05:32 – Updated: 2025-11-03 16:06
VLAI
Summary
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
8 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T14:12:12.186180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T14:12:31.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T16:06:00.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Expressn (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T05:32:41.402Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html"
},
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2025/1020.html"
},
{
"url": "https://jvn.jp/en/jp/JVN44266462/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-62577",
"datePublished": "2025-10-20T05:32:41.402Z",
"dateReserved": "2025-10-16T00:39:29.822Z",
"dateUpdated": "2025-11-03T16:06:00.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39921 (GCVE-0-2024-39921)
Vulnerability from nvd – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
VLAI
Summary
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Observable timing discrepancy
- CWE-203 - Observable Discrepancy
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V01L02NF0001 to V01L06NF0401
|
|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V01L20NF0001 to V01L20NF0401
|
|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V02L20NF0001 to V02L21NF0301
|
|
| Fsas Technologies Inc. | IPCOM VE2 Series |
Affected:
V01L04NF0001 to V01L06NF0112
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:16:53.423725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:26:40.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L02NF0001 to V01L06NF0401"
}
]
},
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L20NF0001 to V01L20NF0401"
}
]
},
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V02L20NF0001 to V02L21NF0301"
}
]
},
{
"product": "IPCOM VE2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L04NF0001 to V01L06NF0112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Observable timing discrepancy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T01:51:14.241Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
},
{
"url": "https://jvn.jp/en/jp/JVN29238389/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39921",
"datePublished": "2024-09-04T01:51:14.241Z",
"dateReserved": "2024-07-03T05:21:05.058Z",
"dateUpdated": "2025-03-13T13:26:40.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34024 (GCVE-0-2024-34024)
Vulnerability from nvd – Published: 2024-06-18 05:44 – Updated: 2024-11-15 20:34
VLAI
Summary
Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Observable response discrepancy
- CWE-noinfo Not enough information
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager SaaS |
Affected:
Versions before the maintenance on June 16
Affected: 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:28:09.078006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:34:45.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "Versions before the maintenance on June 16"
},
{
"status": "affected",
"version": " 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Observable response discrepancy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:59.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-34024",
"datePublished": "2024-06-18T05:44:59.077Z",
"dateReserved": "2024-05-22T00:24:01.201Z",
"dateUpdated": "2024-11-15T20:34:45.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33620 (GCVE-0-2024-33620)
Vulnerability from nvd – Published: 2024-06-18 05:44 – Updated: 2024-08-13 19:17
VLAI
Summary
Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Absolute path traversal
- CWE-36 - Absolute Path Traversal
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| fujitsu | business_application_id_link_manager_ii |
Affected:
0 , ≤ 1.8
(custom)
cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:* |
|
| fujitsu | id_link_manager |
Affected:
2.0
cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.3.0
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.3.1
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.4
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.5
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.6
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.7
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.2
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.2.1
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.3
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_application_id_link_manager_ii",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.2.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T17:27:20.527344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T19:17:23.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Absolute path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:53.121Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33620",
"datePublished": "2024-06-18T05:44:53.121Z",
"dateReserved": "2024-05-22T00:23:59.245Z",
"dateUpdated": "2024-08-13T19:17:23.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33622 (GCVE-0-2024-33622)
Vulnerability from nvd – Published: 2024-06-18 05:44 – Updated: 2024-11-21 15:37
VLAI
Summary
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Missing authentication for critical function
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager SaaS |
Affected:
Versions before the maintenance on June 16
Affected: 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T16:30:50.447465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:37:25.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "Versions before the maintenance on June 16"
},
{
"status": "affected",
"version": " 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:18.590Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33622",
"datePublished": "2024-06-18T05:44:18.590Z",
"dateReserved": "2024-05-22T00:24:00.288Z",
"dateUpdated": "2024-11-21T15:37:25.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36454 (GCVE-0-2024-36454)
Vulnerability from nvd – Published: 2024-06-12 05:12 – Updated: 2024-08-02 03:37
VLAI
Summary
Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Use of Uninitialized Resource
- CWE-908 - Use of Uninitialized Resource
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | IPCOM EX2 Series (V01L0x Series) |
Affected:
V01L07NF0201 and earlier
|
|
| Fsas Technologies Inc. | IPCOM VE2 Series |
Affected:
V01L07NF0201 and earlier
|
|
| fujitsu | ipcom_ex2_sc_3500_firmware |
Affected:
0 , ≤ 01l07nf0201
(custom)
cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:-:*:*:*:*:*:*:* |
|
| fujitsu | ipcom_ve2_ls_plus2_220_firmware |
Affected:
0 , ≤ 01l07nf0201
(custom)
cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipcom_ex2_sc_3500_firmware",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "01l07nf0201",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipcom_ve2_ls_plus2_220_firmware",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "01l07nf0201",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:17:41.103809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:27:45.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-02/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25594256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCOM EX2 Series (V01L0x Series)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L07NF0201 and earlier"
}
]
},
{
"product": "IPCOM VE2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L07NF0201 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Uninitialized Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T05:12:24.382Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-02/"
},
{
"url": "https://jvn.jp/en/jp/JVN25594256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36454",
"datePublished": "2024-06-12T05:12:24.382Z",
"dateReserved": "2024-05-28T08:11:26.050Z",
"dateUpdated": "2024-08-02T03:37:05.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2026-000077
Vulnerability from jvndb - Published: 2026-06-01 17:34 - Updated:2026-06-01 17:34
Severity
Summary
Multiple vulnerabilities in ServerView Agents for Windows
Details
ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software.
ServerView Agents for Windows contains multiple vulnerabilities listed below.
- Incorrect permission assignment for critical resource (CWE-732) - CVE-2026-27788
- Privilege chaining (CWE-268) - CVE-2026-32325
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000077.html",
"dc:date": "2026-06-01T17:34+09:00",
"dcterms:issued": "2026-06-01T17:34+09:00",
"dcterms:modified": "2026-06-01T17:34+09:00",
"description": "ServerView Agents for Windows provided by Fsas Technologies Inc. is server management software.\r\nServerView Agents for Windows contains multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/732.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/268.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect permission assignment for critical resource (CWE-732) - CVE-2026-27788\u003c/li\u003e\u003cli\u003ePrivilege chaining (CWE-268) - CVE-2026-32325\u003c/li\u003e\u003c/ul\u003eMASAHIRO IIDA of LAC Co., Ltd. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000077.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fsas_technologies_serverview_agents_for_windows",
"@product": "ServerView Agents for Windows",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000077",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67883085/index.html",
"@id": "JVN#67883085",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-27788",
"@id": "CVE-2026-27788",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32325",
"@id": "CVE-2026-32325",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ServerView Agents for Windows"
}
JVNDB-2026-001663
Vulnerability from jvndb - Published: 2026-01-23 11:29 - Updated:2026-01-23 11:29Summary
"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization
Details
Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability.
- Incorrect authorization (CWE-863 - CVE-2025-65002)
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001663.html",
"dc:date": "2026-01-23T11:29+09:00",
"dcterms:issued": "2026-01-23T11:29+09:00",
"dcterms:modified": "2026-01-23T11:29+09:00",
"description": "Remote Management Controller \"iRMC S5/S6\" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability.\u003cul\u003e\u003cli\u003eIncorrect authorization (CWE-863 - \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-65002\" target=\"blank\"\u003eCVE-2025-65002\u003c/a\u003e)\u003c/li\u003e\u003c/ul\u003eFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001663.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fsas_technologies_multiple_product",
"@product": "(multiple product)",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2026-001663",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95177764/index.html",
"@id": "JVNVU#95177764",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-65002",
"@id": "CVE-2025-65002",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/863.html",
"@id": "CWE-863",
"@title": "Incorrect Authorization(CWE-863)"
}
],
"title": "\"iRMC S5/S6\" implemented in PRIMERGY vulnerable to incorrect authorization"
}
JVNDB-2026-000009
Vulnerability from jvndb - Published: 2026-01-21 15:17 - Updated:2026-01-21 15:17
Severity
Summary
Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries
Details
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability.
- Uncontrolled search path element (CWE-427) - CVE-2026-24016
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000009.html",
"dc:date": "2026-01-21T15:17+09:00",
"dcterms:issued": "2026-01-21T15:17+09:00",
"dcterms:modified": "2026-01-21T15:17+09:00",
"description": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. contains the following vulnerability.\u003cul\u003e\u003cli\u003eUncontrolled search path element (CWE-427) - CVE-2026-24016\u003c/li\u003e\u003c/ul\u003eKazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000009.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fsas_technologies_serverview_agents_for_windows",
"@product": "ServerView Agents for Windows",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000009",
"sec:references": [
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/jp/JVN65211823/index.html",
"@id": "JVN#65211823",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-24016",
"@id": "CVE-2026-24016",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Fujitsu ServerView Agents for Windows may insecurely load Dynamic Link Libraries"
}
JVNDB-2026-001578
Vulnerability from jvndb - Published: 2026-01-20 20:00 - Updated:2026-01-20 20:00
Severity
Summary
ETERNUS SF vulnerable to insertion of sensitive information into maintenance data
Details
ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.
- Insertion of sensitive information into maintenance data (CWE-532) - CVE-2025-68919
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001578.html",
"dc:date": "2026-01-20T20:00+09:00",
"dcterms:issued": "2026-01-20T20:00+09:00",
"dcterms:modified": "2026-01-20T20:00+09:00",
"description": "ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.\u003cul\u003e\u003cli\u003eInsertion of sensitive information into maintenance data (CWE-532) - CVE-2025-68919\u003c/li\u003e\u003c/ul\u003eFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-001578.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fsas_technologies_eternus_sf",
"@product": "ETERNUS SF",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-001578",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU94305241/index.html",
"@id": "JVNVU#94305241",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-68919",
"@id": "CVE-2025-68919",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/532.html",
"@id": "CWE-532",
"@title": "Information Exposure Through Log Files(CWE-532)"
}
],
"title": "ETERNUS SF vulnerable to insertion of sensitive information into maintenance data"
}
JVNDB-2025-000092
Vulnerability from jvndb - Published: 2025-10-20 14:20 - Updated:2025-10-20 14:20
Severity
Summary
ETERNUS SF vulnerable to incorrect default permissions
Details
ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.
- Incorrect default permissions (CWE-276) - CVE-2025-62577
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000092.html",
"dc:date": "2025-10-20T14:20+09:00",
"dcterms:issued": "2025-10-20T14:20+09:00",
"dcterms:modified": "2025-10-20T14:20+09:00",
"description": "ETERNUS SF provided by Fsas Technologies Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eIncorrect default permissions (CWE-276) - CVE-2025-62577\u003c/li\u003e\u003c/ul\u003e\r\nFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000092.html",
"sec:cpe": {
"#text": "cpe:/a:misc:fsas_technologies_eternus_sf",
"@product": "ETERNUS SF",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000092",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44266462/index.html",
"@id": "JVN#44266462",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-62577",
"@id": "CVE-2025-62577",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "ETERNUS SF vulnerable to incorrect default permissions"
}
JVNDB-2024-000090
Vulnerability from jvndb - Published: 2024-09-06 14:39 - Updated:2024-09-06 14:39
Severity
Summary
Secure Boot bypass Vulnerability in PRIMERGY
Details
PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" (CVE-2024-8105), which was publicly disclosed by Binarly.
Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000090.html",
"dc:date": "2024-09-06T14:39+09:00",
"dcterms:issued": "2024-09-06T14:39+09:00",
"dcterms:modified": "2024-09-06T14:39+09:00",
"description": "PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called \"PKFail\" (CVE-2024-8105), which was publicly disclosed by Binarly.\r\n\r\nFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000090.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:fsas_technologies_primergy_gx2460_m1",
"@product": "PRIMERGY GX2460 M1",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:fsas_technologies_primergy_gx2570_m6",
"@product": "PRIMERGY GX2570 M6",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000090",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49873988/index.html",
"@id": "JVN#49873988",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-8105",
"@id": "CVE-2024-8105",
"@source": "CVE"
},
{
"#text": "https://kb.cert.org/vuls/id/455367",
"@id": "VU#455367",
"@source": "CERT-VN"
},
{
"#text": "https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem",
"@id": "PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem",
"@source": "Related document"
},
{
"#text": "https://22222483.fs1.hubspotusercontent-na1.net/hubfs/22222483/Reports/PKfail%20-%20Binarly%20Research%20Report%20July%2025%202024.pdf",
"@id": "PKfail - Binarly Research Report July 25 2024 (PDF)",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Secure Boot bypass Vulnerability in PRIMERGY"
}
JVNDB-2024-000091
Vulnerability from jvndb - Published: 2024-08-30 14:56 - Updated:2024-08-30 14:56
Severity
Summary
IPCOM vulnerable to information disclosure
Details
SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy (CWE-208).
Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000091.html",
"dc:date": "2024-08-30T14:56+09:00",
"dcterms:issued": "2024-08-30T14:56+09:00",
"dcterms:modified": "2024-08-30T14:56+09:00",
"description": "SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy (CWE-208).\r\n\r\nFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000091.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:fsas_technologies_ipcom",
"@product": "IPCOM",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:fsas_technologies_ipcom",
"@product": "IPCOM",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000091",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29238389/index.html",
"@id": "JVN#29238389",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39921",
"@id": "CVE-2024-39921",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "IPCOM vulnerable to information disclosure"
}
JVNDB-2024-000063
Vulnerability from jvndb - Published: 2024-06-18 13:43 - Updated:2024-06-18 13:43
Severity
Summary
Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR
Details
ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below.
* Path Traversal (CWE-36) (CVE-2024-33620)
* Missing Authentication (CWE-306) (CVE-2024-33622)
* Information disclosure (CWE-204) (CVE-2024-34024)
Christian Demko of WithSecure KK reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer Fsas Technologies Inc.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000063.html",
"dc:date": "2024-06-18T13:43+09:00",
"dcterms:issued": "2024-06-18T13:43+09:00",
"dcterms:modified": "2024-06-18T13:43+09:00",
"description": "ID Link Manager and FUJITSU Software TIME CREATOR provided by Fsas Technologies Inc. contain multiple vulnerabilities listed below.\r\n\r\n* Path Traversal (CWE-36) (CVE-2024-33620)\r\n* Missing Authentication (CWE-306) (CVE-2024-33622)\r\n* Information disclosure (CWE-204) (CVE-2024-34024)\r\n\r\nChristian Demko of WithSecure KK reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer Fsas Technologies Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000063.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:fsas_technologies_fujitsu_business_application_id_link_manager2",
"@product": "FUJITSU Business Application ID Link ManagerII",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:fsas_technologies_fujitsu_software_id_link_manager",
"@product": "FUJITSU Software ID Link Manager",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:fsas_technologies_fujitsu_software_time_creator_id_link_manager",
"@product": "FUJITSU Software TIME CREATOR ID Link Manager",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000063",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN65171386/index.html",
"@id": "JVN#65171386",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-33620",
"@id": "CVE-2024-33620",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-33622",
"@id": "CVE-2024-33622",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-34024",
"@id": "CVE-2024-34024",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Multiple vulnerabilities in ID Link Manager and FUJITSU Software TIME CREATOR"
}
JVNDB-2024-000062
Vulnerability from jvndb - Published: 2024-06-12 15:03 - Updated:2024-06-12 15:03
Severity
Summary
Denial-of-service (DoS) vulnerability in IPCOM WAF function
Details
WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service (DoS) vulnerability (CWE-908).
Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000062.html",
"dc:date": "2024-06-12T15:03+09:00",
"dcterms:issued": "2024-06-12T15:03+09:00",
"dcterms:modified": "2024-06-12T15:03+09:00",
"description": "WAF function of IPCOM provided by Fsas Technologies Inc. contains a denial-of-service (DoS) vulnerability (CWE-908).\r\n\r\nFsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Fsas Technologies Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000062.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:fsas_technologies_ipcom",
"@product": "IPCOM",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:fsas_technologies_ipcom",
"@product": "IPCOM",
"@vendor": "Fsas Technologies Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000062",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN25594256/index.html",
"@id": "JVN#25594256",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-36454",
"@id": "CVE-2024-36454",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Denial-of-service (DoS) vulnerability in IPCOM WAF function"
}
CVE-2026-32325 (GCVE-0-2026-32325)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:17 – Updated: 2026-06-01 13:11
VLAI
Summary
Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-268 - Privilege chaining
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.60.04 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:11:06.505496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:11:20.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.60.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:17:31.045Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0529.html"
},
{
"url": "https://jvn.jp/en/jp/JVN67883085/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-32325",
"datePublished": "2026-06-01T07:17:31.045Z",
"dateReserved": "2026-05-14T05:26:45.359Z",
"dateUpdated": "2026-06-01T13:11:20.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27788 (GCVE-0-2026-27788)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:17 – Updated: 2026-06-01 13:11
VLAI
Summary
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect permission assignment for critical resource
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.60.04 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T13:11:40.244948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:11:53.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.60.04 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect permission assignment for critical resource",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:17:25.238Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0529.html"
},
{
"url": "https://jvn.jp/en/jp/JVN67883085/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-27788",
"datePublished": "2026-06-01T07:17:25.238Z",
"dateReserved": "2026-05-14T05:26:40.582Z",
"dateUpdated": "2026-06-01T13:11:53.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24016 (GCVE-0-2026-24016)
Vulnerability from cvelistv5 – Published: 2026-01-21 07:19 – Updated: 2026-02-24 14:51
VLAI
Summary
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ServerView Agents for Windows |
Affected:
V11.50.06 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T14:28:05.334267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:28:14.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-24T14:51:46.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-ISS-2026-012107-Security-Notice.pdf"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ServerView Agents for Windows",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V11.50.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path Element",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T07:19:03.236Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2026/0121.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65211823/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-24016",
"datePublished": "2026-01-21T07:19:03.236Z",
"dateReserved": "2026-01-20T05:13:56.618Z",
"dateUpdated": "2026-02-24T14:51:46.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62577 (GCVE-0-2025-62577)
Vulnerability from cvelistv5 – Published: 2025-10-20 05:32 – Updated: 2025-11-03 16:06
VLAI
Summary
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect default permissions
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11) |
Affected:
15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF Storage Cruiser (for Solaris 10/ 11) |
Affected:
15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9) |
Affected:
16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF Expressn (for RHEL 7/ 8/ 9) |
Affected:
16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9) |
Affected:
16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022) |
Affected:
16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022) |
Affected:
16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
|
| Fsas Technologies Inc. | ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022) |
Affected:
16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62577",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T14:12:12.186180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T14:12:31.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T16:06:00.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.ts.fujitsu.com/ProductSecurity/content/FsasTech-PSIRT-FTI-STR-2025-102005-Security-Notice.pdf"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Solaris 10/ 11)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "15.0/ 15.1/ 15.2/ 15.3/ 16.0/ 16.1/ 16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Expressn (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruisern (for RHEL 7/ 8/ 9)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.2/ 16.3/ 16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF AdvancedCopy Manager Standard Edition (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Express (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
},
{
"product": "ETERNUS SF Storage Cruiser (for Windows Server 2016/ 2019/ 2022)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "16.4/ 16.5/ 16.6/ 16.7/ 16.8/ 16.9/ 16.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect default permissions",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T05:32:41.402Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html"
},
{
"url": "https://www.fsastech.com/ja-jp/resources/security/2025/1020.html"
},
{
"url": "https://jvn.jp/en/jp/JVN44266462/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-62577",
"datePublished": "2025-10-20T05:32:41.402Z",
"dateReserved": "2025-10-16T00:39:29.822Z",
"dateUpdated": "2025-11-03T16:06:00.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39921 (GCVE-0-2024-39921)
Vulnerability from cvelistv5 – Published: 2024-09-04 01:51 – Updated: 2025-03-13 13:26
VLAI
Summary
Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Observable timing discrepancy
- CWE-203 - Observable Discrepancy
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V01L02NF0001 to V01L06NF0401
|
|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V01L20NF0001 to V01L20NF0401
|
|
| Fsas Technologies Inc. | IPCOM EX2 Series |
Affected:
V02L20NF0001 to V02L21NF0301
|
|
| Fsas Technologies Inc. | IPCOM VE2 Series |
Affected:
V01L04NF0001 to V01L06NF0112
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:16:53.423725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:26:40.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L02NF0001 to V01L06NF0401"
}
]
},
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L20NF0001 to V01L20NF0401"
}
]
},
{
"product": "IPCOM EX2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V02L20NF0001 to V02L21NF0301"
}
]
},
{
"product": "IPCOM VE2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L04NF0001 to V01L06NF0112"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Observable timing discrepancy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T01:51:14.241Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-04/"
},
{
"url": "https://jvn.jp/en/jp/JVN29238389/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39921",
"datePublished": "2024-09-04T01:51:14.241Z",
"dateReserved": "2024-07-03T05:21:05.058Z",
"dateUpdated": "2025-03-13T13:26:40.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34024 (GCVE-0-2024-34024)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:44 – Updated: 2024-11-15 20:34
VLAI
Summary
Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Observable response discrepancy
- CWE-noinfo Not enough information
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager SaaS |
Affected:
Versions before the maintenance on June 16
Affected: 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-34024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T13:28:09.078006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T20:34:45.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "Versions before the maintenance on June 16"
},
{
"status": "affected",
"version": " 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Observable response discrepancy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:59.077Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-34024",
"datePublished": "2024-06-18T05:44:59.077Z",
"dateReserved": "2024-05-22T00:24:01.201Z",
"dateUpdated": "2024-11-15T20:34:45.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33620 (GCVE-0-2024-33620)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:44 – Updated: 2024-08-13 19:17
VLAI
Summary
Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Absolute path traversal
- CWE-36 - Absolute Path Traversal
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| fujitsu | business_application_id_link_manager_ii |
Affected:
0 , ≤ 1.8
(custom)
cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:* |
|
| fujitsu | id_link_manager |
Affected:
2.0
cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.3.0
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.3.1
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.4
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.5
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.6
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
2.7
cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.2
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.2.1
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:* |
|
| fujitsu | time_creator_id_link_manager |
Affected:
3.0.3
cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "business_application_id_link_manager_ii",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "2.7"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.2.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "time_creator_id_link_manager",
"vendor": "fujitsu",
"versions": [
{
"status": "affected",
"version": "3.0.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T17:27:20.527344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T19:17:23.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Absolute path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:53.121Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33620",
"datePublished": "2024-06-18T05:44:53.121Z",
"dateReserved": "2024-05-22T00:23:59.245Z",
"dateUpdated": "2024-08-13T19:17:23.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33622 (GCVE-0-2024-33622)
Vulnerability from cvelistv5 – Published: 2024-06-18 05:44 – Updated: 2024-11-21 15:37
VLAI
Summary
Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Missing authentication for critical function
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | FUJITSU Business Application ID Link Manager II |
Affected:
V1.8 and earlier
|
|
| Fsas Technologies Inc. | FUJITSU Software ID Link Manager |
Affected:
V2.0
|
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V2.3.0
Affected: V2.3.1 Affected: V2.4 Affected: V2.5 Affected: V2.6 Affected: and V2.7 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager |
Affected:
V3.0
Affected: V3.0.2 Affected: V3.0.2.1 Affected: and V3.0.3 |
|
| Fsas Technologies Inc. | FUJITSU Software TIME CREATOR ID Link Manager SaaS |
Affected:
Versions before the maintenance on June 16
Affected: 2024 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T16:30:50.447465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:37:25.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FUJITSU Business Application ID Link Manager II",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V1.8 and earlier"
}
]
},
{
"product": "FUJITSU Software ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.0"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V2.3.0"
},
{
"status": "affected",
"version": " V2.3.1"
},
{
"status": "affected",
"version": " V2.4"
},
{
"status": "affected",
"version": " V2.5"
},
{
"status": "affected",
"version": " V2.6"
},
{
"status": "affected",
"version": " and V2.7"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V3.0"
},
{
"status": "affected",
"version": " V3.0.2"
},
{
"status": "affected",
"version": " V3.0.2.1"
},
{
"status": "affected",
"version": " and V3.0.3"
}
]
},
{
"product": "FUJITSU Software TIME CREATOR ID Link Manager SaaS",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "Versions before the maintenance on June 16"
},
{
"status": "affected",
"version": " 2024"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T05:44:18.590Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"
},
{
"url": "https://jvn.jp/en/jp/JVN65171386/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-33622",
"datePublished": "2024-06-18T05:44:18.590Z",
"dateReserved": "2024-05-22T00:24:00.288Z",
"dateUpdated": "2024-11-21T15:37:25.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36454 (GCVE-0-2024-36454)
Vulnerability from cvelistv5 – Published: 2024-06-12 05:12 – Updated: 2024-08-02 03:37
VLAI
Summary
Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Use of Uninitialized Resource
- CWE-908 - Use of Uninitialized Resource
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Fsas Technologies Inc. | IPCOM EX2 Series (V01L0x Series) |
Affected:
V01L07NF0201 and earlier
|
|
| Fsas Technologies Inc. | IPCOM VE2 Series |
Affected:
V01L07NF0201 and earlier
|
|
| fujitsu | ipcom_ex2_sc_3500_firmware |
Affected:
0 , ≤ 01l07nf0201
(custom)
cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:-:*:*:*:*:*:*:* |
|
| fujitsu | ipcom_ve2_ls_plus2_220_firmware |
Affected:
0 , ≤ 01l07nf0201
(custom)
cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:fujitsu:ipcom_ex2_in_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_in_3500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_lb_3500_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ex2_sc_3500_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipcom_ex2_sc_3500_firmware",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "01l07nf0201",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_100_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_200_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus_220_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:fujitsu:ipcom_ve2_ls_plus2_220_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipcom_ve2_ls_plus2_220_firmware",
"vendor": "fujitsu",
"versions": [
{
"lessThanOrEqual": "01l07nf0201",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:17:41.103809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T18:27:45.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:05.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-02/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25594256/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCOM EX2 Series (V01L0x Series)",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L07NF0201 and earlier"
}
]
},
{
"product": "IPCOM VE2 Series",
"vendor": "Fsas Technologies Inc.",
"versions": [
{
"status": "affected",
"version": "V01L07NF0201 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Uninitialized Resource",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T05:12:24.382Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-02/"
},
{
"url": "https://jvn.jp/en/jp/JVN25594256/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36454",
"datePublished": "2024-06-12T05:12:24.382Z",
"dateReserved": "2024-05-28T08:11:26.050Z",
"dateUpdated": "2024-08-02T03:37:05.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}