jvndb-2024-000057
Vulnerability from jvndb
Published
2024-06-03 15:32
Modified
2024-06-03 15:32
Severity ?
5.4 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in UNIVERSAL PASSPORT RX
Details
UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. <ul><li>Cross-site scripting (CWE-79) - CVE-2023-42427</li> <li>Dependency on vulnerable third-party component (CWE-1395)<br /> Known vulnerability in Primefaces library used in the product</li> <li>Cross-site scripting (CWE-79) - CVE-2023-51436</li></ul> CVE-2023-42427 Japan System Techniques Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Japan System Techniques Co., Ltd. coordinated under the Information Security Early Warning Partnership. Known vulnerability in Primefaces library Morita Keiichi and Watanabe Kosuke of Tokyo Denki University reported to Japan System Techniques Co., Ltd. that this vulnerability still exists in the product and coordinated. Japan System Techniques Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability. CVE-2023-51436 MATSUMOTO Yuuki of Tokyo University of Information Sciences reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN https://jvn.jp/en/jp/JVN43215077/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2023-42427
CVE https://www.cve.org/CVERecord?id=CVE-2023-51436
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Japan System Techniques Co., Ltd.UNIVERSAL PASSPORT RX
Japan System Techniques Co., Ltd.UNIVERSAL PASSPORT RX
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
  "dc:date": "2024-06-03T15:32+09:00",
  "dcterms:issued": "2024-06-03T15:32+09:00",
  "dcterms:modified": "2024-06-03T15:32+09:00",
  "description": "UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-42427\u003c/li\u003e\r\n\u003cli\u003eDependency on vulnerable third-party component (CWE-1395)\u003cbr /\u003e\r\nKnown vulnerability in Primefaces library used in the product\u003c/li\u003e\r\n\u003cli\u003eCross-site scripting (CWE-79) - CVE-2023-51436\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2023-42427\r\nJapan System Techniques Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Japan System Techniques Co., Ltd. coordinated under the Information Security Early Warning Partnership.\r\n\r\nKnown vulnerability in Primefaces library\r\nMorita Keiichi and Watanabe Kosuke of Tokyo Denki University reported to Japan System Techniques Co., Ltd. that this vulnerability still exists in the product and coordinated. Japan System Techniques Co., Ltd. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.\r\n\r\nCVE-2023-51436\r\nMATSUMOTO Yuuki of Tokyo University of Information Sciences reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000057.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
      "@product": "UNIVERSAL PASSPORT RX",
      "@vendor": "Japan System Techniques Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:japan_system_techniques_universal_passport_rx",
      "@product": "UNIVERSAL PASSPORT RX",
      "@vendor": "Japan System Techniques Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.4",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000057",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN43215077/index.html",
      "@id": "JVN#43215077",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-42427",
      "@id": "CVE-2023-42427",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-51436",
      "@id": "CVE-2023-51436",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in UNIVERSAL PASSPORT RX"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.