jvndb-2023-000091
Vulnerability from jvndb
Published
2023-09-05 15:51
Modified
2024-05-14 18:06
Severity ?
Summary
Multiple vulnerabilities in F-RevoCRM
Details
F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-41149
* Cross-site scripting vulnerability (CWE-79) - CVE-2023-41150
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN78113802/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41149 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-41150 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41149 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-41150 | |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| thinkingreed | F-RevoCRM |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000091.html",
"dc:date": "2024-05-14T18:06+09:00",
"dcterms:issued": "2023-09-05T15:51+09:00",
"dcterms:modified": "2024-05-14T18:06+09:00",
"description": "F-RevoCRM provided by ThinkingReed inc. contains multiple vulnerabilities listed below.\r\n\r\n * OS Command Injection (CWE-78) - CVE-2023-41149\r\n * Cross-site scripting vulnerability (CWE-79) - CVE-2023-41150\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000091.html",
"sec:cpe": {
"#text": "cpe:/a:f-revocrm:f-revocrm",
"@product": "F-RevoCRM",
"@vendor": "thinkingreed",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000091",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN78113802/index.html",
"@id": "JVN#78113802",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41149",
"@id": "CVE-2023-41149",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41150",
"@id": "CVE-2023-41150",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41149",
"@id": "CVE-2023-41149",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41150",
"@id": "CVE-2023-41150",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in F-RevoCRM"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.