Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by S-cubism Inc.

    JVNDB-2024-000054

    Vulnerability from jvndb - Published: 2024-05-29 14:06 - Updated:2024-05-29 14:06
    Severity
    Summary
    EC-Orange vulnerable to authorization bypass
    Details
    EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE. EC-Orange contains an authorization bypass vulnerability (CWE-639). This is the same issue as JVN#51770585 (EC-CUBE vulnerable to authorization bypass). This vulnerability was reported on July 2015. The coordination with the developer was resumed on December 2023, and this JVN publication was agreed upon.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000054.html",
      "dc:date": "2024-05-29T14:06+09:00",
      "dcterms:issued": "2024-05-29T14:06+09:00",
      "dcterms:modified": "2024-05-29T14:06+09:00",
      "description": "EC-Orange provided by S-cubism Inc. is an e-commerce website building system package based on an open source software EC-CUBE.\r\nEC-Orange contains an authorization bypass vulnerability (CWE-639).\r\nThis is the same issue as JVN#51770585 (EC-CUBE vulnerable to authorization bypass).\r\n\r\nThis vulnerability was reported on July 2015.\r\nThe coordination with the developer was resumed on December 2023, and this JVN publication was agreed upon.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000054.html",
      "sec:cpe": {
        "#text": "cpe:/a:misc:scubism_ec-orange",
        "@product": "EC-Orange",
        "@vendor": "S-cubism Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000054",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN15637138/index.html",
          "@id": "JVN#15637138",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/jp/JVN51770585/index.html",
          "@id": "JVN#51770585",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0808",
          "@id": "CVE-2014-0808",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-0808",
          "@id": "CVE-2014-0808",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "EC-Orange vulnerable to authorization bypass"
    }