Vulnerabilites related to daj - i-filter
CVE-2018-16180 (GCVE-0-2018-16180)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Version: Ver.9.50R05 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:37.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16180",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:37.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21170 (GCVE-0-2022-21170)
Vulnerability from cvelistv5
Published
2022-03-07 09:00
Modified
2024-08-03 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper check for certificate revocation
Summary
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER |
Version: i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.738Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check for certificate revocation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T09:00:37",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER, i-FILTER Browser \u0026 Cloud MultiAgent for Windows, and D-SPA using i-FILTER",
"version": {
"version_data": [
{
"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check for certificate revocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.daj.co.jp/user/ifilter/V10/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"name": "https://download.daj.co.jp/user/ifb/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V4/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"name": "https://download.daj.co.jp/user/dspa/V3/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"name": "https://jvn.jp/en/jp/JVN33214411/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21170",
"datePublished": "2022-03-07T09:00:37",
"dateReserved": "2022-01-31T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16181 (GCVE-0-2018-16181)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- HTTP header injection
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Digital Arts Inc. | i-FILTER |
Version: Ver.9.50R05 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "i-FILTER",
"vendor": "Digital Arts Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.50R05 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP header injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#32155106",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "i-FILTER",
"version": {
"version_data": [
{
"version_value": "Ver.9.50R05 and earlier"
}
]
}
}
]
},
"vendor_name": "Digital Arts Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP header injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#32155106",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"name": "https://download.daj.co.jp/user/ifilter/V9/",
"refsource": "MISC",
"url": "https://download.daj.co.jp/user/ifilter/V9/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16181",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://download.daj.co.jp/user/ifilter/V9/ | Permissions Required, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN32155106/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.daj.co.jp/user/ifilter/V9/ | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN32155106/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CCC75C-3427-4B4A-9C3F-824930DBFDD5",
"versionEndIncluding": "9.50r05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de cabeceras HTTP en i-FILTER, en versiones 9.50R05 y anteriores, podr\u00eda permitir que atacantes remotos inyecten cabeceras HTTP arbitrarias y lleven a cabo ataques de separaci\u00f3n de respuesta HTTP que podr\u00edan resultar en la inyecci\u00f3n de scripts arbitrarios o en la configuraci\u00f3n de valores de cookie arbitrarios mediante vectores sin especificar."
}
],
"id": "CVE-2018-16181",
"lastModified": "2024-11-21T03:52:14.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:03.873",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-113"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:45
Modified
2024-11-21 06:44
Severity ?
Summary
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| daj | i-filter_browser_\&_cloud_multiagent | * | |
| daj | i-filter | * | |
| daj | i-filter | * | |
| daj | dspa-15000_m5 | 3 | |
| daj | dspa-15000_m5 | 4 | |
| daj | dspa-2000_m4 | 4 | |
| daj | dspa-4000_m4 | 4 | |
| daj | dspa-7000_m5 | 3 | |
| daj | dspa-7000_m5 | 4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daj:i-filter_browser_\\\u0026_cloud_multiagent:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0A067113-D8E7-44A5-8B94-C60259A003DD",
"versionEndIncluding": "4.93r04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8322913-9EC0-4A2C-BB6E-CED5BA681B6F",
"versionEndIncluding": "9.50r10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEBABB4-18EA-47A8-A421-B6733EB2C9AD",
"versionEndIncluding": "10.45r01",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:daj:dspa-15000_m5:3:*:*:*:*:*:*:*",
"matchCriteriaId": "9D48721B-0841-49AB-BD04-2C48F4C23EEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:daj:dspa-15000_m5:4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B5073D-2359-4A37-B203-D45799BA9045",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:daj:dspa-2000_m4:4:*:*:*:*:*:*:*",
"matchCriteriaId": "950E990E-8809-4E06-BCD3-9AE4DE613B01",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:daj:dspa-4000_m4:4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D521EF9-C517-4114-8AA8-0DD78BE19476",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:daj:dspa-7000_m5:3:*:*:*:*:*:*:*",
"matchCriteriaId": "45FC586C-85E6-469D-8A4E-C145E60B3109",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:daj:dspa-7000_m5:4:*:*:*:*:*:*:*",
"matchCriteriaId": "399E9A87-DF61-4B0C-8134-3912E8161904",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser \u0026 Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n inapropiada de la revocaci\u00f3n de certificados en i-FILTER Versiones 10.45R01 y anteriores, i-FILTER Versiones 9.50R10 y anteriores, i-FILTER Browser \u0026amp; Cloud MultiAgent para Windows Versiones 4.93R04 y anteriores, y D-SPA (Versi\u00f3n 3 / Versi\u00f3n 4) usando i-FILTER permite a un atacante remoto no autenticado realizar un ataque de tipo man-in-the-middle y espiar una comunicaci\u00f3n cifrada"
}
],
"id": "CVE-2022-21170",
"lastModified": "2024-11-21T06:44:01.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:45:10.083",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/dspa/V3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/dspa/V4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifb/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V10/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN33214411/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://download.daj.co.jp/user/ifilter/V9/ | Permissions Required, Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN32155106/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.daj.co.jp/user/ifilter/V9/ | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN32155106/index.html | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35CCC75C-3427-4B4A-9C3F-824930DBFDD5",
"versionEndIncluding": "9.50r05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en i-FILTER, en versiones Ver.9.50R05 y anteriores, permite que los atacantes inyecten scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2018-16180",
"lastModified": "2024-11-21T03:52:14.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:03.827",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://download.daj.co.jp/user/ifilter/V9/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN32155106/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}