CVE-2024-41995 (GCVE-0-2024-41995)
Vulnerability from cvelistv5
Published
2024-08-06 06:51
Modified
2025-03-24 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Initialization of a Resource with an Insecure Default
Summary
Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ricoh Company, Ltd. | JavaTM Platform |
Version: Ver.12.89 and earlier |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ricoh_company_ltd:javatm_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "javatm_platform",
"vendor": "ricoh_company_ltd",
"versions": [
{
"lessThan": "12.89",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:19:16.839794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T17:15:35.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "JavaTM Platform",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "Ver.12.89 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T06:51:51.329Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010"
},
{
"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010"
},
{
"url": "https://jvn.jp/en/jp/JVN78728294/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-41995",
"datePublished": "2024-08-06T06:51:51.329Z",
"dateReserved": "2024-07-26T00:44:59.022Z",
"dateUpdated": "2025-03-24T17:15:35.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-41995\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-08-06T07:15:46.330\",\"lastModified\":\"2025-03-24T18:15:19.413\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.\"},{\"lang\":\"es\",\"value\":\"La inicializaci\u00f3n de un recurso con una vulnerabilidad predeterminada insegura existe en JavaTM Platform versi\u00f3n 12.89 y versiones anteriores. Si se aprovecha esta vulnerabilidad, el producto puede verse afectado por algunas vulnerabilidades conocidas de TLS1.0 y TLS1.1. En cuanto a los productos/modelos/versiones espec\u00edficos de impresoras multifunci\u00f3n y que contienen la plataforma JavaTM, consulte la informaci\u00f3n proporcionada por el proveedor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"references\":[{\"url\":\"https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/jp/JVN78728294/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010\",\"source\":\"vultures@jpcert.or.jp\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41995\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-06T13:19:16.839794Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ricoh_company_ltd:javatm_platform:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh_company_ltd\", \"product\": \"javatm_platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.89\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1188\", \"description\": \"CWE-1188 Initialization of a Resource with an Insecure Default\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-06T13:22:56.988Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Ricoh Company, Ltd.\", \"product\": \"JavaTM Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.12.89 and earlier\"}]}], \"references\": [{\"url\": \"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010\"}, {\"url\": \"https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010\"}, {\"url\": \"https://jvn.jp/en/jp/JVN78728294/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Initialization of a Resource with an Insecure Default\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-08-06T06:51:51.329Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-41995\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-24T17:15:35.878Z\", \"dateReserved\": \"2024-07-26T00:44:59.022Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-08-06T06:51:51.329Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…