Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by QualitySoft Corporation
CVE-2025-64701 (GCVE-0-2025-64701)
Vulnerability from nvd – Published: 2025-12-11 08:13 – Updated: 2025-12-11 17:24
VLAI
Summary
QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-268 - Privilege chaining
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Premium/Advance/Standard |
Affected:
Ver.11.0.9i and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T17:23:59.487535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T17:24:06.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QND Premium/Advance/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.11.0.9i and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T08:13:56.831Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2025/"
},
{
"url": "https://jvn.jp/jp/JVN40102375/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-64701",
"datePublished": "2025-12-11T08:13:56.831Z",
"dateReserved": "2025-12-03T05:56:46.569Z",
"dateUpdated": "2025-12-11T17:24:06.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from nvd – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20713 (GCVE-0-2021-20713)
Vulnerability from nvd – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
VLAI
Summary
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qualitysoft.com/product/qnd_vulnerabi… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN74686032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Advance/Premium/Standard |
Affected:
Ver.11.0.4i and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QND Advance/Premium/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.11.0.4i and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product\u0027s Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QND Advance/Premium/Standard",
"version": {
"version_data": [
{
"version_value": "Ver.11.0.4i and earlier"
}
]
}
}
]
},
"vendor_name": "QualitySoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product\u0027s Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/",
"refsource": "MISC",
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"name": "https://jvn.jp/en/jp/JVN74686032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20713",
"datePublished": "2021-05-24T03:20:28.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10861 (GCVE-0-2017-10861)
Vulnerability from nvd – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/vu/JVNVU94198685/index.html | x_refsource_MISC |
| http://www.qualitysoft.com/qnd_vulnerabilities | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Advance/Standard |
Affected:
all versions
|
Date Public
2017-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QND Advance/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QND Advance/Standard",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "QualitySoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU94198685/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"name": "http://www.qualitysoft.com/qnd_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10861",
"datePublished": "2017-12-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-64701 (GCVE-0-2025-64701)
Vulnerability from cvelistv5 – Published: 2025-12-11 08:13 – Updated: 2025-12-11 17:24
VLAI
Summary
QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-268 - Privilege chaining
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Premium/Advance/Standard |
Affected:
Ver.11.0.9i and prior
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T17:23:59.487535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T17:24:06.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "QND Premium/Advance/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.11.0.9i and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege chaining",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T08:13:56.831Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2025/"
},
{
"url": "https://jvn.jp/jp/JVN40102375/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-64701",
"datePublished": "2025-12-11T08:13:56.831Z",
"dateReserved": "2025-12-03T05:56:46.569Z",
"dateUpdated": "2025-12-11T17:24:06.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20713 (GCVE-0-2021-20713)
Vulnerability from cvelistv5 – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
VLAI
Summary
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed.
Severity
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qualitysoft.com/product/qnd_vulnerabi… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN74686032/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Advance/Premium/Standard |
Affected:
Ver.11.0.4i and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QND Advance/Premium/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "Ver.11.0.4i and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product\u0027s Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QND Advance/Premium/Standard",
"version": {
"version_data": [
{
"version_value": "Ver.11.0.4i and earlier"
}
]
}
}
]
},
"vendor_name": "QualitySoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product\u0027s Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/",
"refsource": "MISC",
"url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2021/"
},
{
"name": "https://jvn.jp/en/jp/JVN74686032/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN74686032/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20713",
"datePublished": "2021-05-24T03:20:28.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10861 (GCVE-0-2017-10861)
Vulnerability from cvelistv5 – Published: 2017-12-01 14:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/vu/JVNVU94198685/index.html | x_refsource_MISC |
| http://www.qualitysoft.com/qnd_vulnerabilities | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QualitySoft Corporation | QND Advance/Standard |
Affected:
all versions
|
Date Public
2017-11-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QND Advance/Standard",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-11-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-01T13:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QND Advance/Standard",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "QualitySoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/vu/JVNVU94198685/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU94198685/index.html"
},
{
"name": "http://www.qualitysoft.com/qnd_vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.qualitysoft.com/qnd_vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10861",
"datePublished": "2017-12-01T14:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2025-000115
Vulnerability from jvndb - Published: 2025-12-11 14:33 - Updated:2025-12-11 14:33
Severity
Summary
QND vulnerable to privilege escalation
Details
QND provided by QualitySoft Corporation contains the following vulnerability.
- Privilege Chaining (CWE-268) - CVE-2025-64701
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000115.html",
"dc:date": "2025-12-11T14:33+09:00",
"dcterms:issued": "2025-12-11T14:33+09:00",
"dcterms:modified": "2025-12-11T14:33+09:00",
"description": "QND provided by QualitySoft Corporation contains the following vulnerability.\u003cul\u003e\u003cli\u003ePrivilege Chaining (CWE-268) - CVE-2025-64701\u003c/li\u003e\u003c/ul\u003eTongren Chen of PwC Consulting LLC reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000115.html",
"sec:cpe": {
"#text": "cpe:/a:qualitysoft:qnd_premium%2Fadvance%2Fstandard",
"@product": "QND Premium/Advance/Standard",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000115",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN40102375/index.html",
"@id": "JVN#40102375",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-64701",
"@id": "CVE-2025-64701",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "QND vulnerable to privilege escalation"
}
JVNDB-2024-000095
Vulnerability from jvndb - Published: 2024-09-09 16:40 - Updated:2024-09-09 16:40
Severity
Summary
Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Details
Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).
Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"dc:date": "2024-09-09T16:40+09:00",
"dcterms:issued": "2024-09-09T16:40+09:00",
"dcterms:modified": "2024-09-09T16:40+09:00",
"description": "Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"sec:cpe": [
{
"#text": "cpe:/a:hammock:assetview_f",
"@product": "AssetView F",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_cats",
"@product": "InterSafe CATS",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_gatewayconnection",
"@product": "InterSafe GatewayConnection",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_logdirector",
"@product": "InterSafe LogDirector",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_lognavigator",
"@product": "InterSafe LogNavigator",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_mobilesecurity",
"@product": "InterSafe MobileSecurity",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_webfilter",
"@product": "InterSafe WebFilter",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_bizbrower",
"@product": "SPPM BizBrowser",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_secure_filtering",
"@product": "SPPM Secure Filtering",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:jmas_kaito_secure_browser",
"@product": "KAITO Secure Browser",
"@vendor": "JMA Systems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:mjs_mjs_web_filtering",
"@product": "MJS Web Filtering",
"@vendor": "MIROKU JYOHO SERVICE CO., LTD. (MJS)",
"@version": "2.2"
},
{
"#text": "cpe:/a:motex:lanscope_endpoint_manager_web_filtering",
"@product": "LANSCOPE Endpoint Manager Web Filtering",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:qualitysoft:url_filtering",
"@product": "URL Filtering",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_webmanager",
"@product": "InterScan WebManager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN05579230/index.html",
"@id": "JVN#05579230",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45504",
"@id": "CVE-2024-45504",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery"
}
JVNDB-2021-000040
Vulnerability from jvndb - Published: 2021-05-21 14:21 - Updated:2021-05-21 14:21
Severity
Summary
QND vulnerable to privilege escalation
Details
QND provided by QualitySoft Corporation contains a privilege escalation vulnerability (CWE-268).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. RedTeam reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000040.html",
"dc:date": "2021-05-21T14:21+09:00",
"dcterms:issued": "2021-05-21T14:21+09:00",
"dcterms:modified": "2021-05-21T14:21+09:00",
"description": "QND provided by QualitySoft Corporation contains a privilege escalation vulnerability (CWE-268).\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. RedTeam reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000040.html",
"sec:cpe": {
"#text": "cpe:/a:qualitysoft:qnd",
"@product": "QND",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000040",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN74686032/index.html",
"@id": "JVN#74686032",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20713",
"@id": "CVE-2021-20713",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20713",
"@id": "CVE-2021-20713",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "QND vulnerable to privilege escalation"
}
JVNDB-2017-009884
Vulnerability from jvndb - Published: 2017-11-28 11:26 - Updated:2018-03-14 14:17
Severity
Summary
QND Advance/Standard vulnerable to directory traversal
Details
QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability.
QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to the issue in processing input from an agent program.
An administrative server does not require authentication in the communication between a server and an agent program either, therefore an arbitrary request from an arbitrary device with access to an administrative server can be sent and processed.
Muneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-009884.html",
"dc:date": "2018-03-14T14:17+09:00",
"dcterms:issued": "2017-11-28T11:26+09:00",
"dcterms:modified": "2018-03-14T14:17+09:00",
"description": "QND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability.\r\n\r\nQND Advance/Standard provided by QualitySoft Corporation contains a directory traversal vulnerability (CWE-22) in an administrative server due to the issue in processing input from an agent program.\r\nAn administrative server does not require authentication in the communication between a server and an agent program either, therefore an arbitrary request from an arbitrary device with access to an administrative server can be sent and processed.\r\n\r\nMuneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-009884.html",
"sec:cpe": {
"#text": "cpe:/a:qualitysoft:qnd_advance%2Fstandard",
"@product": "QND Advance/Standard",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "9.4",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"@version": "2.0"
},
{
"@score": "9.1",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-009884",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU94198685/index.html",
"@id": "JVNVU#94198685",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10861",
"@id": "CVE-2017-10861",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10861",
"@id": "CVE-2017-10861",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "QND Advance/Standard vulnerable to directory traversal"
}