|
[Japanese]
|
JVNDB-2024-000043
|
Multiple vulnerabilities in MosP kintai kanri
|
|
MosP kintai kanri provided by esMind, LLC contains multiple vulnerabilities listed below.
- Path Traversal (CWE-22) - CVE-2024-28880
- Incorrect Permission Assignment for Critical Resource (CWE-732) - CVE-2024-29078
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-28880
|
CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-29078
|
|
|
esMind, LLC
- MosP Kintai Kanri V4.6.6 and earlier versions
|
|
|
- A remote attacker who can log in to the product may obtain sensitive information of the product (CVE-2024-28880)
- A remote unauthenticated attacker with access to the product may alter the product settings (CVE-2024-29078)
|
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
|
|
esMind, LLC
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2024-28880
- CVE-2024-29078
|
|
- JVN : JVN#97751842
|
|
- [2024/05/09]
Web page was published
|
