jvndb-2023-000080
Vulnerability from jvndb
Published
2023-08-07 17:39
Modified
2024-03-28 17:54
Severity ?
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
"FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
Details
"FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703). When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working. FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN42527152/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2023-39341
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-39341
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
FFRI Security, Inc.FFRI yarai
NEC CorporationActSecure X
Sky Co., LTD.EDR Pluspack
Sky Co., LTD.EDR Pluspack Cloud
Soliton Systems K.K.InfoTrace Mark II
Soliton Systems K.K.Zerona
Soliton Systems K.K.Zerona PLUS Anti-malware
SOURCENEXT CORPORATIONDouble Protection Powered by FFRI yarai
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000080.html",
  "dc:date": "2024-03-28T17:54+09:00",
  "dcterms:issued": "2023-08-07T17:39+09:00",
  "dcterms:modified": "2024-03-28T17:54+09:00",
  "description": "\"FFRI yarai\" and \"FFRI yarai Home and Business Edition\" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703).\r\nWhen the product\u0027s Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working.\r\n\r\nFFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000080.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:ffri:ffri_yarai",
      "@product": "FFRI yarai",
      "@vendor": "FFRI Security, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:actsecure_x_managed_security_service",
      "@product": "ActSecure X",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:skygroup:edr_plus_pack",
      "@product": "EDR Pluspack",
      "@vendor": "Sky Co., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:skygroup:edr_plus_pack_cloud",
      "@product": "EDR Pluspack Cloud",
      "@vendor": "Sky Co., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:soliton:infotrace_mark_ii_malware_protection",
      "@product": "InfoTrace Mark II",
      "@vendor": "Soliton Systems K.K.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:soliton:zerona",
      "@product": "Zerona",
      "@vendor": "Soliton Systems K.K.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:soliton:zerona_plus",
      "@product": "Zerona PLUS Anti-malware",
      "@vendor": "Soliton Systems K.K.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:sourcenext:dual_safe",
      "@product": "Double Protection Powered by FFRI yarai",
      "@vendor": "SOURCENEXT CORPORATION",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000080",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN42527152/index.html",
      "@id": "JVN#42527152",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39341",
      "@id": "CVE-2023-39341",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39341",
      "@id": "CVE-2023-39341",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "\"FFRI yarai\" and \"FFRI yarai Home and Business Edition\" handle exceptional conditions improperly"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.