From 73006dae0f5cabe91906ac7641cd9c5bea105a6c Mon Sep 17 00:00:00 2001 From: Spiegel Date: Fri, 23 Mar 2018 15:45:26 +0900 Subject: [PATCH] Remove sort function --- cli/vulnlist/main.go | 6 + cli/vulnlist/res.txt | 18519 ---------------------------------------- vuldef/vuldef.go | 12 - vuldef/vuldef_test.go | 590 -- 4 files changed, 6 insertions(+), 19121 deletions(-) delete mode 100644 cli/vulnlist/res.txt diff --git a/cli/vulnlist/main.go b/cli/vulnlist/main.go index 48c1a54..75c7e5f 100644 --- a/cli/vulnlist/main.go +++ b/cli/vulnlist/main.go @@ -3,6 +3,7 @@ package main import ( "fmt" "os" + "sort" "time" "github.com/spiegel-im-spiegel/go-myjvn" @@ -91,6 +92,11 @@ func run(start, end time.Time) { } } if vulnInfo != nil { + //sort by DateLastUpdated + sort.Slice(vulnInfo.Vulinfo, func(i int, j int) bool { + return vulnInfo.Vulinfo[i].VulinfoData.DateLastUpdated.Before(vulnInfo.Vulinfo[j].VulinfoData.DateLastUpdated.Time) + }) + //encode to JSON json, err := vulnInfo.JSON("") if err != nil { fmt.Fprintln(os.Stderr, err) diff --git a/cli/vulnlist/res.txt b/cli/vulnlist/res.txt deleted file mode 100644 index 5556724..0000000 --- a/cli/vulnlist/res.txt +++ /dev/null @@ -1,18519 +0,0 @@ -{ - "Vulinfo": [ - { - "VulinfoID": "JVNDB-2017-012562", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P04" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03745", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8956", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8956" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8956", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8956" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:24+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:24+09:00", - "DateLastUpdated": "2018-03-22T17:27:24+09:00", - "DatePublic": "2017-05-11T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012563", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03764", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8957", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8957" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8957", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8957" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:25+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:25+09:00", - "DateLastUpdated": "2018-03-22T17:27:25+09:00", - "DatePublic": "2017-06-29T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012564", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、不特定の脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P04 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "BaseScore": "9.3", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03786", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03786en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8958", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8958" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8958", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8958" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-noinfo", - "Title": "情報不足", - "URL": "https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:27+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:27+09:00", - "DateLastUpdated": "2018-03-22T17:27:27+09:00", - "DatePublic": "2017-10-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012565", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0506" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03813", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03813en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8981", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8981" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8981", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8981" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:28+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:28+09:00", - "DateLastUpdated": "2018-03-22T17:27:28+09:00", - "DatePublic": "2017-05-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012566", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P4" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", - "BaseScore": "9", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03808", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8983", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8983" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8983", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8983" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:29+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:29+09:00", - "DateLastUpdated": "2018-03-22T17:27:29+09:00", - "DatePublic": "2017-05-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012567", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、不特定の脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0506P03" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", - "BaseScore": "9.3", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03811", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03811en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8984", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8984" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8984", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8984" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-noinfo", - "Title": "情報不足", - "URL": "https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:30+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:30+09:00", - "DateLastUpdated": "2018-03-22T17:27:30+09:00", - "DatePublic": "2017-05-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012568", - "VulinfoData": { - "Title": "Android の Media Player Framework における入力確認に関する脆弱性", - "Overview": "Android の Media Player Framework には、入力確認に関する脆弱性が存在します。 本脆弱性は、Android ID: A-68160703 として公開されています。", - "Affected": [ - { - "Name": "Google", - "ProductName": "Android", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:google:android" - }, - "VersionNumber": [ - "5.1.1", - "6.0", - "6.0.1", - "7.0", - "7.1.1", - "7.1.2", - "8.0", - "8.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Android Open Source Project", - "VulinfoID": "Pixel/Nexus のセキュリティに関する公開情報 - 2018 年 2 月 ", - "URL": "https://source.android.com/security/bulletin/pixel/2018-02-01" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-13229", - "URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13229" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-13229", - "URL": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13229" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:45:34+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:45:34+09:00", - "DateLastUpdated": "2018-03-22T17:45:34+09:00", - "DatePublic": "2017-08-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002101", - "VulinfoData": { - "Title": "GIT における入力確認に関する脆弱性", - "Overview": "GIT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Git project", - "ProductName": "Git", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:git_project:git" - }, - "VersionNumber": [ - "2.15.1 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Git", - "VulinfoID": "Top Page", - "URL": "https://git-scm.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000021", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000021", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000021" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Security implications of ANSI escape codes in Git sever responses", - "URL": "http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:31:29+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:31:29+09:00", - "DateLastUpdated": "2018-03-22T17:31:29+09:00", - "DatePublic": "2018-01-06T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002102", - "VulinfoData": { - "Title": "insight-api における入力確認に関する脆弱性", - "Overview": "insight-api には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "BitPay", - "ProductName": "insight-api", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:insight.bitpay:insight-api" - }, - "VersionNumber": [ - "5.0.0 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "BaseScore": "5.3", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "[Security] Full Path Disclosure #542", - "URL": "https://github.com/bitpay/insight-api/issues/542" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000023", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000023" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000023", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000023" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:31:30+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:31:30+09:00", - "DateLastUpdated": "2018-03-22T17:31:30+09:00", - "DatePublic": "2018-01-12T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002103", - "VulinfoData": { - "Title": "Squid Software Foundation Squid HTTP Caching Proxy におけるデータ処理に関する脆弱性", - "Overview": "Squid Software Foundation Squid HTTP Caching Proxy には、データ処理に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Debian", - "ProductName": "Debian GNU/Linux", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:debian:debian_linux" - }, - "VersionNumber": [ - "7.0", - "8.0", - "9.0" - ] - }, - { - "Name": "Squid-cache.org", - "ProductName": "Squid", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:squid-cache:squid" - }, - "VersionNumber": [ - "3.0 から 3.5.27", - "4.0 から 4.0.22" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Debian", - "VulinfoID": "[SECURITY] [DLA 1266-1] squid3 security update", - "URL": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html" - }, - { - "Type": "vendor", - "Name": "Debian Security Advisory", - "VulinfoID": "DSA-4122", - "URL": "https://www.debian.org/security/2018/dsa-4122" - }, - { - "Type": "vendor", - "Name": "Squid", - "VulinfoID": "Squid Versions", - "URL": "http://www.squid-cache.org/Versions/" - }, - { - "Type": "vendor", - "Name": "Squid Proxy Cache Security Update Advisory", - "VulinfoID": "SQUID-2018:1", - "URL": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000024", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000024" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000024", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000024" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-19", - "Title": "データ処理", - "URL": "https://cwe.mitre.org/data/definitions/19.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:31:32+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:31:32+09:00", - "DateLastUpdated": "2018-03-22T17:31:32+09:00", - "DatePublic": "2018-01-19T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012552", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における情報漏えいに関する脆弱性", - "Overview": "HPE Intelligent Management Center (IMC) PLAT には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2 E0403P06" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:C/I:N/A:N", - "BaseScore": "7.1", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03714", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03714en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5795", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5795" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5795", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5795" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:36+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:36+09:00", - "DateLastUpdated": "2018-03-22T17:22:36+09:00", - "DatePublic": "2017-03-08T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012553", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における整数オーバーフローの脆弱性", - "Overview": "HPE Intelligent Management Center (iMC) PLAT には、整数オーバーフローの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03738", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5804", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5804" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5804", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5804" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-190", - "Title": "整数オーバーフローまたはラップアラウンド", - "URL": "https://cwe.mitre.org/data/definitions/190.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:37+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:37+09:00", - "DateLastUpdated": "2018-03-22T17:22:37+09:00", - "DatePublic": "2017-04-27T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012554", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE Intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03738", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5805", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5805" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5805", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5805" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:39+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:39+09:00", - "DateLastUpdated": "2018-03-22T17:22:39+09:00", - "DatePublic": "2017-04-27T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012555", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE Intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03738", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03738en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5806", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5806" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5806", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5806" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:40+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:40+09:00", - "DateLastUpdated": "2018-03-22T17:22:40+09:00", - "DatePublic": "2017-04-27T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012556", - "VulinfoData": { - "Title": "HPE SiteScope における暗号に関する脆弱性", - "Overview": "HPE SiteScope には、暗号に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "SiteScope", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:sitescope" - }, - "VersionNumber": [ - "11.2x", - "11.3x" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "2.1", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "5.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBGN03763", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8949", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8949" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8949", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8949" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-310", - "Title": "暗号の問題", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-310.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:17+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:17+09:00", - "DateLastUpdated": "2018-03-22T17:27:17+09:00", - "DatePublic": "2017-06-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012557", - "VulinfoData": { - "Title": "HPE SiteScope における情報漏えいに関する脆弱性", - "Overview": "HPE SiteScope には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "SiteScope", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:sitescope" - }, - "VersionNumber": [ - "11.2x", - "11.3x" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "2.1", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "5.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBGN03763", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8950", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8950" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8950", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8950" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:18+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:18+09:00", - "DateLastUpdated": "2018-03-22T17:27:18+09:00", - "DatePublic": "2017-06-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012558", - "VulinfoData": { - "Title": "HPE SiteScope における情報漏えいに関する脆弱性", - "Overview": "HPE SiteScope には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "SiteScope", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:sitescope" - }, - "VersionNumber": [ - "11.2x", - "11.3x" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "4.6", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBGN03763", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8951", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8951" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8951", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8951" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:20+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:20+09:00", - "DateLastUpdated": "2018-03-22T17:27:20+09:00", - "DatePublic": "2017-06-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012559", - "VulinfoData": { - "Title": "HPE SiteScope における情報漏えいに関する脆弱性", - "Overview": "HPE SiteScope には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "SiteScope", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:sitescope" - }, - "VersionNumber": [ - "11.2x", - "11.3x" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBGN03763", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8952", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8952" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8952", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8952" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:21+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:21+09:00", - "DateLastUpdated": "2018-03-22T17:27:21+09:00", - "DatePublic": "2017-06-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012560", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03764", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8954", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8954" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8954", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8954" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:22+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:22+09:00", - "DateLastUpdated": "2018-03-22T17:27:22+09:00", - "DatePublic": "2017-06-29T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012561", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.2" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "BaseScore": "7.8", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03764", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-8955", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8955" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-8955", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-8955" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:27:23+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:27:23+09:00", - "DateLastUpdated": "2018-03-22T17:27:23+09:00", - "DatePublic": "2017-06-29T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008927", - "VulinfoData": { - "Title": "HPE Version Control Repository Manager における情報漏えいに関する脆弱性", - "Overview": "HPE Version Control Repository Manager (VCRM) には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Version Control Repository Manager", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:version_control_repository_manager" - }, - "VersionNumber": [ - "7.6 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "BaseScore": "4", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03691", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03684", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8514", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8514" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8514", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8514" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:31+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:31+09:00", - "DateLastUpdated": "2018-03-22T17:22:31+09:00", - "DatePublic": "2016-12-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008928", - "VulinfoData": { - "Title": "HPE Version Control Repository Manager における危険なタイプのファイルの無制限アップロードに関する脆弱性", - "Overview": "HPE Version Control Repository Manager (VCRM) には、危険なタイプのファイルの無制限アップロードに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Version Control Repository Manager", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:version_control_repository_manager" - }, - "VersionNumber": [ - "7.6 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03691", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03684", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8515", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8515" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8515", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8515" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-434", - "Title": "危険なタイプのファイルの無制限アップロード", - "URL": "https://cwe.mitre.org/data/definitions/434.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:33+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:33+09:00", - "DateLastUpdated": "2018-03-22T17:22:33+09:00", - "DatePublic": "2016-12-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012550", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE Intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 (E0504)" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", - "BaseScore": "9", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03768", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12520", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12520" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12520", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12520" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:34+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:34+09:00", - "DateLastUpdated": "2018-03-22T17:22:34+09:00", - "DatePublic": "2017-08-11T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012551", - "VulinfoData": { - "Title": "HPE intelligent Management Center PLAT における入力確認に関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P2 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", - "BaseScore": "9", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03782", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03782en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12554", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12554" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12554", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12554" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:22:35+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:22:35+09:00", - "DateLastUpdated": "2018-03-22T17:22:35+09:00", - "DatePublic": "2017-10-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002095", - "VulinfoData": { - "Title": "CloudMe Sync におけるバッファエラーの脆弱性", - "Overview": "CloudMe Sync には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "CloudMe", - "ProductName": "CloudMe Sync", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:cloudme:sync" - }, - "VersionNumber": [ - "1.11.0 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "CloudMe", - "VulinfoID": "Top Page", - "URL": "https://www.cloudme.com/ja" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6892", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6892" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6892", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6892" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "SSD Advisory - CloudMe Unauthenticated Remote Buffer Overflow", - "URL": "https://blogs.securiteam.com/index.php/archives/3669" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:41:55+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:41:55+09:00", - "DateLastUpdated": "2018-03-22T16:41:55+09:00", - "DatePublic": "2018-02-11T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002096", - "VulinfoData": { - "Title": "Jenkins CCM プラグインにおける XML 外部エンティティの脆弱性", - "Overview": "Jenkins CCM プラグインには、XML 外部エンティティの脆弱性、およびサーバサイドのリクエストフォージェリの脆弱性が存在します。", - "Affected": [ - { - "Name": "Jenkins プロジェクト", - "ProductName": "CCM", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:jenkins:ccm" - }, - "VersionNumber": [ - "3.1 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", - "BaseScore": "8.3", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Jenkins Security Advisory", - "VulinfoID": "SECURITY-659", - "URL": "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000054", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000054" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000054", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000054" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-611", - "Title": "XML 外部エンティティ参照の不適切な制限", - "URL": "https://cwe.mitre.org/data/definitions/611.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-918", - "Title": "サーバサイドのリクエストフォージェリ", - "URL": "https://cwe.mitre.org/data/definitions/918.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:09:12+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:09:12+09:00", - "DateLastUpdated": "2018-03-22T17:09:12+09:00", - "DatePublic": "2018-02-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002097", - "VulinfoData": { - "Title": "Jenkins Android Lint プラグインにおける XML 外部エンティティの脆弱性", - "Overview": "Jenkins Android Lint プラグインには、XML 外部エンティティの脆弱性、およびサーバサイドのリクエストフォージェリの脆弱性が存在します。", - "Affected": [ - { - "Name": "Jenkins プロジェクト", - "ProductName": "Android Lint", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:jenkins:android_lint" - }, - "VersionNumber": [ - "2.5 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", - "BaseScore": "8.3", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Jenkins Security Advisory", - "VulinfoID": "SECURITY-660", - "URL": "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000055", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000055" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000055", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000055" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-611", - "Title": "XML 外部エンティティ参照の不適切な制限", - "URL": "https://cwe.mitre.org/data/definitions/611.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-918", - "Title": "サーバサイドのリクエストフォージェリ", - "URL": "https://cwe.mitre.org/data/definitions/918.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:09:13+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:09:13+09:00", - "DateLastUpdated": "2018-03-22T17:09:13+09:00", - "DatePublic": "2018-02-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002098", - "VulinfoData": { - "Title": "Jenkins JUnit プラグインにおける XML 外部エンティティの脆弱性", - "Overview": "Jenkins JUnit プラグインには、XML 外部エンティティの脆弱性、およびサーバサイドのリクエストフォージェリの脆弱性が存在します。", - "Affected": [ - { - "Name": "Jenkins プロジェクト", - "ProductName": "Junit", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:jenkins:junit" - }, - "VersionNumber": [ - "1.23 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", - "BaseScore": "8.3", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Jenkins Security Advisory", - "VulinfoID": "SECURITY-521", - "URL": "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000056", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000056" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000056", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000056" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-611", - "Title": "XML 外部エンティティ参照の不適切な制限", - "URL": "https://cwe.mitre.org/data/definitions/611.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-918", - "Title": "サーバサイドのリクエストフォージェリ", - "URL": "https://cwe.mitre.org/data/definitions/918.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:09:15+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:09:15+09:00", - "DateLastUpdated": "2018-03-22T17:09:15+09:00", - "DatePublic": "2018-02-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002099", - "VulinfoData": { - "Title": "Jenkins Credentials Binding プラグインにおける証明書・パスワードの管理に関する脆弱性", - "Overview": "Jenkins Credentials Binding プラグインには、証明書・パスワードの管理に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Jenkins プロジェクト", - "ProductName": "Credentials Binding", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:jenkins:credentials_binding" - }, - "VersionNumber": [ - "1.14 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "BaseScore": "4", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Jenkins Security Advisory", - "VulinfoID": "SECURITY-698", - "URL": "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000057", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000057" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000057", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000057" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-255", - "Title": "証明書・パスワードの管理", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-255.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:09:16+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:09:16+09:00", - "DateLastUpdated": "2018-03-22T17:09:16+09:00", - "DatePublic": "2018-02-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002100", - "VulinfoData": { - "Title": "Jenkins Pipeline: Supporting APIs プラグインにおける信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "Jenkins Pipeline: Supporting APIs プラグインには、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Jenkins プロジェクト", - "ProductName": "Pipeline: Supporting APIs", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:jenkins:pipeline_supporting_apis" - }, - "VersionNumber": [ - "2.17 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Jenkins Security Advisory", - "VulinfoID": "SECURITY-699", - "URL": "https://jenkins.io/security/advisory/2018-02-05/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000058", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000058" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000058", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000058" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T17:09:17+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T17:09:17+09:00", - "DateLastUpdated": "2018-03-22T17:09:17+09:00", - "DatePublic": "2018-02-05T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012548", - "VulinfoData": { - "Title": "trixbox におけるクロスサイトスクリプティングの脆弱性", - "Overview": "trixbox には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "NetFortris, Inc.", - "ProductName": "trixbox", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:netfortris:trixbox" - }, - "VersionNumber": [ - "2.8.0.4" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "NetFortris", - "VulinfoID": "Top Page", - "URL": "http://www.netfortris.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-14536", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14536" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-14536", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14536" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "TrixBox Multiple Cross Site Scripting Vulnerabilities [CVE-2017-14536]", - "URL": "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-cross-site-scripting-vulnerabilities/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:39:32+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:39:32+09:00", - "DateLastUpdated": "2018-03-22T16:39:32+09:00", - "DatePublic": "2017-09-17T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012549", - "VulinfoData": { - "Title": "trixbox におけるパストラバーサルの脆弱性", - "Overview": "trixbox には、パストラバーサルの脆弱性が存在します。", - "Affected": [ - { - "Name": "NetFortris, Inc.", - "ProductName": "trixbox", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:netfortris:trixbox" - }, - "VersionNumber": [ - "2.8.0.4" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:N/A:N", - "BaseScore": "4", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "NetFortris", - "VulinfoID": "Top Page", - "URL": "http://www.netfortris.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-14537", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14537" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-14537", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-14537" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "TrixBox Multiple Path Traversal Vulnerabilities [CVE-2017-14537]", - "URL": "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-22", - "Title": "パス・トラバーサル", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-22.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:39:33+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:39:33+09:00", - "DateLastUpdated": "2018-03-22T16:39:33+09:00", - "DatePublic": "2017-09-17T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002087", - "VulinfoData": { - "Title": "Atlassian Crucible におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Atlassian Crucible には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Atlassian", - "ProductName": "Crucible", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:atlassian:crucible" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Atlassian JIRA", - "VulinfoID": "CRUC-8169", - "URL": "https://jira.atlassian.com/browse/CRUC-8169" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18089", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18089" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18089", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18089" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:24:25+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:24:25+09:00", - "DateLastUpdated": "2018-03-22T16:24:25+09:00", - "DatePublic": "2018-02-02T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002088", - "VulinfoData": { - "Title": "Atlassian Fisheye におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Atlassian Fisheye には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Atlassian", - "ProductName": "FishEye", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:atlassian:fisheye" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Atlassian JIRA", - "VulinfoID": "FE-7000", - "URL": "https://jira.atlassian.com/browse/FE-7000" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18090", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18090" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18090", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18090" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:24:26+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:24:26+09:00", - "DateLastUpdated": "2018-03-22T16:24:26+09:00", - "DatePublic": "2018-02-02T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002089", - "VulinfoData": { - "Title": "Atlassian Fisheye および Crucible におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Atlassian Fisheye および Crucible には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Atlassian", - "ProductName": "Crucible", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:atlassian:crucible" - }, - "VersionNumber": [ - "" - ] - }, - { - "Name": "Atlassian", - "ProductName": "FishEye", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:atlassian:fisheye" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "4.8", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Atlassian JIRA", - "VulinfoID": "CRUC-8173", - "URL": "https://jira.atlassian.com/browse/CRUC-8173" - }, - { - "Type": "vendor", - "Name": "Atlassian JIRA", - "VulinfoID": "FE-7006", - "URL": "https://jira.atlassian.com/browse/FE-7006" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18091", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18091" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18091", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18091" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:24:27+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:24:27+09:00", - "DateLastUpdated": "2018-03-22T16:24:27+09:00", - "DatePublic": "2018-02-02T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002090", - "VulinfoData": { - "Title": "WordPress 用 UltimateMember プラグインにおけるクロスサイトスクリプティングの脆弱性", - "Overview": "WordPress 用 UltimateMember プラグインには、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Ultimate Member Group Ltd", - "ProductName": "Ultimate Member", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ultimatemember:ultimate_member" - }, - "VersionNumber": [ - "2.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Ultimate Member", - "VulinfoID": "Top Page", - "URL": "https://ultimatemember.com/" - }, - { - "Type": "vendor", - "Name": "WordPress Plugin Directory", - "VulinfoID": "Ultimate Member - User Profile & Membership Plugin", - "URL": "https://ja.wordpress.org/plugins/ultimate-member/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6943", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6943" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6943", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6943" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "WordPress UltimateMember 2.0 Cross Site Scripting", - "URL": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:32:57+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:32:57+09:00", - "DateLastUpdated": "2018-03-22T16:32:57+09:00", - "DatePublic": "2018-02-12T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002091", - "VulinfoData": { - "Title": "WordPress 用 UltimateMember プラグインにおけるクロスサイトスクリプティングの脆弱性", - "Overview": "WordPress 用 UltimateMember プラグインには、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Ultimate Member Group Ltd", - "ProductName": "Ultimate Member", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ultimatemember:ultimate_member" - }, - "VersionNumber": [ - "2.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Ultimate Member", - "VulinfoID": "Top Page", - "URL": "https://ultimatemember.com/" - }, - { - "Type": "vendor", - "Name": "WordPress Plugin Directory", - "VulinfoID": "Ultimate Member - User Profile & Membership Plugin", - "URL": "https://ja.wordpress.org/plugins/ultimate-member/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6944", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6944" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6944", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6944" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "WordPress UltimateMember 2.0 Cross Site Scripting", - "URL": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:32:58+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:32:58+09:00", - "DateLastUpdated": "2018-03-22T16:32:58+09:00", - "DatePublic": "2018-02-12T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002092", - "VulinfoData": { - "Title": "miniBB におけるクロスサイトスクリプティングの脆弱性", - "Overview": "miniBB には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "miniBB", - "ProductName": "miniBB", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:minibb:minibb" - }, - "VersionNumber": [ - "3.2.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "4.8", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "miniBB", - "VulinfoID": "Top Page", - "URL": "http://www.minibb.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6506", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6506" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6506", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6506" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "MiniBB Forums v3.2.2 - Stored XSS", - "URL": "https://offensivehacking.wordpress.com/2018/02/07/minibb-forums-v3-2-2-stored-xss/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:41:52+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:41:52+09:00", - "DateLastUpdated": "2018-03-22T16:41:52+09:00", - "DatePublic": "2018-02-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002093", - "VulinfoData": { - "Title": "Typesetter におけるクロスサイトリクエストフォージェリの脆弱性", - "Overview": "Typesetter には、クロスサイトリクエストフォージェリの脆弱性が存在します。", - "Affected": [ - { - "Name": "Typesetter", - "ProductName": "Typesetter", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:typesettercms:typesetter" - }, - "VersionNumber": [ - "5.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", - "BaseScore": "6", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Typesetter", - "VulinfoID": "Top Page", - "URL": "https://www.typesettercms.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6888", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6888" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6888", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6888" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Cross Site Request Forgery- Type Setter CMS 5.1", - "URL": "https://securitywarrior9.blogspot.in/2018/02/cross-site-request-forgery-type-setter.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-352", - "Title": "クロスサイトリクエストフォージェリ", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-352.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:41:53+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:41:53+09:00", - "DateLastUpdated": "2018-03-22T16:41:53+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002094", - "VulinfoData": { - "Title": "Typesetter におけるコードインジェクションの脆弱性", - "Overview": "Typesetter には、コードインジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Typesetter", - "ProductName": "Typesetter", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:typesettercms:typesetter" - }, - "VersionNumber": [ - "5.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Typesetter", - "VulinfoID": "Top Page", - "URL": "https://www.typesettercms.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6889", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6889" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6889", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6889" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Host Header Injection- Type Setter CMS 5.1", - "URL": "https://securitywarrior9.blogspot.in/2018/02/host-header-injection-type-setter-cms-51.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-94", - "Title": "コード・インジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-94.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T16:41:54+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T16:41:54+09:00", - "DateLastUpdated": "2018-03-22T16:41:54+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012543", - "VulinfoData": { - "Title": "Linux Kernel におけるバッファエラーの脆弱性", - "Overview": "Linux Kernel には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Linux", - "ProductName": "Linux Kernel", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:linux:linux_kernel" - }, - "VersionNumber": [ - "4.13 未満" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", - "BaseScore": "4.9", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "5.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "f2fs: fix a bug caused by NULL extent tree", - "URL": "https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0" - }, - { - "Type": "vendor", - "Name": "Linux Kernel", - "VulinfoID": "Linux Kernel Archives", - "URL": "http://www.kernel.org" - }, - { - "Type": "vendor", - "Name": "Linux kernel source tree", - "VulinfoID": "f2fs: fix a bug caused by NULL extent tree", - "URL": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18193", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18193" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18193", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18193" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:24:39+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:24:39+09:00", - "DateLastUpdated": "2018-03-22T12:24:39+09:00", - "DatePublic": "2017-05-19T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012544", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P2 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03778", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12556", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12556" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12556", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12556" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T14:13:50+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T14:13:50+09:00", - "DateLastUpdated": "2018-03-22T14:13:50+09:00", - "DatePublic": "2017-10-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012545", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P2 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03778", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12557", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12557" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12557", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12557" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T14:13:51+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T14:13:51+09:00", - "DateLastUpdated": "2018-03-22T14:13:51+09:00", - "DatePublic": "2017-10-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012546", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P2 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03778", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12558", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12558" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12558", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12558" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T14:13:52+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T14:13:52+09:00", - "DateLastUpdated": "2018-03-22T14:13:52+09:00", - "DatePublic": "2017-10-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012547", - "VulinfoData": { - "Title": "HPE Intelligent Management Center PLAT における初期化されていないポインタのアクセスに関する脆弱性", - "Overview": "HPE intelligent Management Center (iMC) PLAT には、初期化されていないポインタのアクセスに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Intelligent Management Center", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:intelligent_management_center" - }, - "VersionNumber": [ - "7.3 E0504P4 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBHF03781", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12561", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12561" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12561", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12561" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-824", - "Title": "初期化されていないポインタのアクセス", - "URL": "https://cwe.mitre.org/data/definitions/824.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T14:13:53+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T14:13:53+09:00", - "DateLastUpdated": "2018-03-22T14:13:53+09:00", - "DatePublic": "2017-10-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002082", - "VulinfoData": { - "Title": "Joomla! 用 JomEstate PRO コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JomEstate PRO コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "comdev.eu", - "ProductName": "JomEstate PRO", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:comdev:jomestate_pro" - }, - "VersionNumber": [ - "3.7 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "comdev.eu", - "VulinfoID": "Top Page", - "URL": "http://comdev.eu/" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "JomEstate PRO", - "URL": "https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6368", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6368" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6368", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6368" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44117/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:04:10+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:04:10+09:00", - "DateLastUpdated": "2018-03-22T12:04:10+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002083", - "VulinfoData": { - "Title": "Wolf CMS におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Wolf CMS には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "wolfcms.org", - "ProductName": "Wolf CMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wolfcms:wolf_cms" - }, - "VersionNumber": [ - "0.8.3.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "4.8", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Wolf CMS", - "VulinfoID": "Top Page", - "URL": "http://wolfcms.org/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6890", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6890" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6890", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6890" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "WolfCMS-XSS-POC", - "URL": "https://github.com/pradeepjairamani/WolfCMS-XSS-POC/blob/master/Wolfcms%20v0.8.3.1%20xss%20POC%20by%20Pradeep%20Jairamani.pdf" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:24:40+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:24:40+09:00", - "DateLastUpdated": "2018-03-22T12:24:40+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002084", - "VulinfoData": { - "Title": "phpMyAdmin におけるクロスサイトスクリプティングの脆弱性", - "Overview": "phpMyAdmin には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "The phpMyAdmin Project", - "ProductName": "phpMyAdmin", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:phpmyadmin:phpmyadmin" - }, - "VersionNumber": [ - "4.7.8 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。 ", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Fix XSS vulnerability in central columns feature", - "URL": "https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3" - }, - { - "Type": "vendor", - "Name": "SECURITY ANNOUNCEMENTS", - "VulinfoID": "PMASA-2018-1", - "URL": "https://www.phpmyadmin.net/security/PMASA-2018-1/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7260", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7260", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7260" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:24:42+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:24:42+09:00", - "DateLastUpdated": "2018-03-22T12:24:42+09:00", - "DatePublic": "2018-02-20T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002085", - "VulinfoData": { - "Title": "Radiant CMS におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Radiant CMS には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Radiant CMS project", - "ProductName": "Radiant CMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:radiantcms:radiant_cms" - }, - "VersionNumber": [ - "1.1.4" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Radiant CMS", - "VulinfoID": "Top Page", - "URL": "http://radiantcms.org/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7261", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7261" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7261", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7261" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple Persistent XSS vulnerabilities in Radiant Content Management System", - "URL": "https://www.securityfocus.com/archive/1/archive/1/541798/100/0/threaded" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:24:43+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:24:43+09:00", - "DateLastUpdated": "2018-03-22T12:24:43+09:00", - "DatePublic": "2018-02-20T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002086", - "VulinfoData": { - "Title": "Joomla! 用 PrayerCenter コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 PrayerCenter コンポーネントには、SQL インジェクションの脆弱性が存在します。 本脆弱性は、CVE-2008-6429 とは異なる脆弱性です。", - "Affected": [ - { - "Name": "MLWEBTECHNOLOGIES", - "ProductName": "PrayerCenter", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:mlwebtechnologies:prayercenter" - }, - "VersionNumber": [ - "3.0.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "PrayerCenter", - "URL": "https://extensions.joomla.org/extensions/extension/living/religion/prayercenter/" - }, - { - "Type": "vendor", - "Name": "MLWEBTECHNOLOGIES", - "VulinfoID": "PrayerCenter", - "URL": "http://mlwebtechnologies.github.io/PrayerCenter/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7314", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7314" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7314", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7314" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component PrayerCenter 3.0.2 - 'sessionid' SQL Injection", - "URL": "https://exploit-db.com/exploits/44160" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:24:44+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:24:44+09:00", - "DateLastUpdated": "2018-03-22T12:24:44+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008924", - "VulinfoData": { - "Title": "HPE Diagnostics における入力確認に関する脆弱性", - "Overview": "HPE Diagnostics には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Diagnostics", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:diagnostics" - }, - "VersionNumber": [ - "9.24 IP1", - "9.26", - "9.26IP1" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBGN03689", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8521", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8521" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8521", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8521" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:04:05+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:04:05+09:00", - "DateLastUpdated": "2018-03-22T12:04:05+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008925", - "VulinfoData": { - "Title": "HPE Diagnostics におけるクロスサイトスクリプティングの脆弱性", - "Overview": "HPE Diagnostics には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Diagnostics", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:diagnostics" - }, - "VersionNumber": [ - "9.24 IP1", - "9.26", - "9.26IP1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBGN03689", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05370100" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8522", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8522" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8522", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8522" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:04:06+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:04:06+09:00", - "DateLastUpdated": "2018-03-22T12:04:06+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008926", - "VulinfoData": { - "Title": "HPE Smart Storage Administrator におけるコマンドインジェクションの脆弱性", - "Overview": "HPE Smart Storage Administrator には、コマンドインジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "Smart Storage Administrator", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:smart_storage_administrator" - }, - "VersionNumber": [ - "2.60.18.0 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:C/I:C/A:C", - "BaseScore": "9", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03701", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8523", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8523" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8523", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8523" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-77", - "Title": "コマンドインジェクション", - "URL": "https://cwe.mitre.org/data/definitions/77.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:04:07+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:04:07+09:00", - "DateLastUpdated": "2018-03-22T12:04:07+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002075", - "VulinfoData": { - "Title": "Joomla! 用 NeoRecruit コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 NeoRecruit コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "NeoJoomla", - "ProductName": "NeoRecruit", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:neojoomla:neorecruit" - }, - "VersionNumber": [ - "4.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "NeoRecruit", - "URL": "https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/" - }, - { - "Type": "vendor", - "Name": "NeoJoomla", - "VulinfoID": "Top Page", - "URL": "https://neojoomla.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6370", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6370" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6370", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6370" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component NeoRecruit 4.1 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44123/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:38+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:38+09:00", - "DateLastUpdated": "2018-03-22T11:59:38+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002076", - "VulinfoData": { - "Title": "Joomla! 用 JB Bus コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JB Bus コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Joombooking.com", - "ProductName": "JB Bus", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:joombooking:jb_bus" - }, - "VersionNumber": [ - "2.3" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joombooking", - "VulinfoID": "Top Page", - "URL": "https://joombooking.com/" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "JB Bus", - "URL": "https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jbtransport/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6372", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6372" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6372", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6372" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44115/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:40+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:40+09:00", - "DateLastUpdated": "2018-03-22T11:59:40+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002077", - "VulinfoData": { - "Title": "Joomla! 用 Google Map Landkarten コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Google Map Landkarten コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Andy Thielke", - "ProductName": "Google Map Landkarten", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:google_map_landkarten_project:google_map_landkarten" - }, - "VersionNumber": [ - "4.2.3 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Andy Thielke", - "VulinfoID": "Top Page", - "URL": "http://www.joomla-24.de/" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Google Map Landkarten", - "URL": "https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6396", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6396" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6396", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6396" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Google Map Landkarten CVE-2018-6396 Multiple SQL Injection Vulnerabilities", - "URL": "https://www.securityfocus.com/bid/103094" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:41+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:41+09:00", - "DateLastUpdated": "2018-03-22T11:59:41+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002078", - "VulinfoData": { - "Title": "Joomla! 用 Timetable Responsive Schedule コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Timetable Responsive Schedule コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "QuanticaLabs", - "ProductName": "Timetable Responsive Schedule", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:quanticalabs:timetable_responsive_schedule" - }, - "VersionNumber": [ - "1.5" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Timetable Responsive Schedule For Joomla", - "URL": "https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-responsive-schedule-for-joomla/" - }, - { - "Type": "vendor", - "Name": "QuanticaLabs", - "VulinfoID": "Timetable For Joomla", - "URL": "http://quanticalabs.com/joomla/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6583", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6583" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6583", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6583" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44130/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:42+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:42+09:00", - "DateLastUpdated": "2018-03-22T11:59:42+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002079", - "VulinfoData": { - "Title": "Joomla! 用 DT Register コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 DT Register コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "DTH Development, LLC.", - "ProductName": "DT Register", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:dthdevelopment:dt_register" - }, - "VersionNumber": [ - "3.2.7" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "DTH Development", - "VulinfoID": "DT Register", - "URL": "https://www.dthdevelopment.com/components/dt-register-event-registration" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "DT Register", - "URL": "https://extensions.joomla.org/extensions/extension/calendars-a-events/events/dt-register/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6584", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6584" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6584", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6584" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component DT Register 3.2.7 - 'id' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44108/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:43+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:43+09:00", - "DateLastUpdated": "2018-03-22T11:59:43+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002080", - "VulinfoData": { - "Title": "Joomla! 用 JTicketing コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JTicketing コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Techjoomla", - "ProductName": "Jticketing", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:techjoomla:jticketing" - }, - "VersionNumber": [ - "2.0.16" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "JTicketing", - "URL": "https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/" - }, - { - "Type": "vendor", - "Name": "Techjoomla", - "VulinfoID": "JTicketing", - "URL": "https://techjoomla.com/products/j-ticketing" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6585", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6585" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6585", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6585" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component JTicketing 2.0.16 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44121/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:44+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:44+09:00", - "DateLastUpdated": "2018-03-22T11:59:44+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002081", - "VulinfoData": { - "Title": "Joomla! 用 JS Autoz コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JS Autoz コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Joom Sky", - "ProductName": "JS Autoz", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:joomsky:js_autoz" - }, - "VersionNumber": [ - "1.0.9" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joom Sky", - "VulinfoID": "JS Autoz", - "URL": "http://www.joomsky.com/products/js-autoz.html" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "JS Autoz", - "URL": "https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6006", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6006" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6006", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6006" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component JS Autoz 1.0.9 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44119/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T12:02:07+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T12:02:07+09:00", - "DateLastUpdated": "2018-03-22T12:02:07+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008920", - "VulinfoData": { - "Title": "HPE Systems Insight Manager における脆弱性", - "Overview": "HPE Systems Insight Manager には、不特定の脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Systems Insight Manager", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:systems_insight_manager" - }, - "VersionNumber": [ - "7.6 未満" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03691", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03668", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8516", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8516" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8516", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8516" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-noinfo", - "Title": "情報不足", - "URL": "https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:52:42+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:52:42+09:00", - "DateLastUpdated": "2018-03-22T11:52:42+09:00", - "DatePublic": "2016-12-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008921", - "VulinfoData": { - "Title": "HPE Systems Insight Manager におけるクロスサイトスクリプティングの脆弱性", - "Overview": "HPE Systems Insight Manager には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Systems Insight Manager", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:systems_insight_manager" - }, - "VersionNumber": [ - "7.6 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03691", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03668", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8517", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8517" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8517", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8517" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:52:43+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:52:43+09:00", - "DateLastUpdated": "2018-03-22T11:52:43+09:00", - "DatePublic": "2016-12-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008922", - "VulinfoData": { - "Title": "HPE Systems Insight Manager における脆弱性", - "Overview": "HPE Systems Insight Manager には、不特定の脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Systems Insight Manager", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:systems_insight_manager" - }, - "VersionNumber": [ - "7.6 未満" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03691", - "URL": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" - }, - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03668", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356388" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8518", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8518" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8518", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8518" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-noinfo", - "Title": "情報不足", - "URL": "https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:52:44+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:52:44+09:00", - "DateLastUpdated": "2018-03-22T11:52:44+09:00", - "DatePublic": "2016-12-15T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008923", - "VulinfoData": { - "Title": "HPE Operations Orchestration における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "HPE Operations Orchestration には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "Operations Orchestration", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:operations_orchestration" - }, - "VersionNumber": [ - "Community edition 10.70 未満", - "Enterprise edition 10.70 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBGN03688", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05361944" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8519", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8519" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8519", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8519" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:52:45+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:52:45+09:00", - "DateLastUpdated": "2018-03-22T11:52:45+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012540", - "VulinfoData": { - "Title": "Progress Sitefinity におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Progress Sitefinity には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Progress Software Corporation", - "ProductName": "Sitefinity", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:progress:sitefinity" - }, - "VersionNumber": [ - "9.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Progress", - "VulinfoID": "Version notes", - "URL": "https://www.sitefinity.com/product/version-notes" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18177", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18177" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18177", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18177" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple vulnerabilities in Progress Sitefinity CMS", - "URL": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:36+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:36+09:00", - "DateLastUpdated": "2018-03-22T11:31:36+09:00", - "DatePublic": "2017-08-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012541", - "VulinfoData": { - "Title": "Progress Sitefinity におけるオープンリダイレクトの脆弱性", - "Overview": "Progress Sitefinity には、オープンリダイレクトの脆弱性が存在します。", - "Affected": [ - { - "Name": "Progress Software Corporation", - "ProductName": "Sitefinity", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:progress:sitefinity" - }, - "VersionNumber": [ - "9.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "BaseScore": "5.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Progress", - "VulinfoID": "Version notes", - "URL": "https://www.sitefinity.com/product/version-notes" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18178", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18178" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18178", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18178" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple vulnerabilities in Progress Sitefinity CMS", - "URL": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-601", - "Title": "オープンリダイレクト", - "URL": "https://cwe.mitre.org/data/definitions/601.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:37+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:37+09:00", - "DateLastUpdated": "2018-03-22T11:31:37+09:00", - "DatePublic": "2017-08-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012542", - "VulinfoData": { - "Title": "Progress Sitefinity における認証に関する脆弱性", - "Overview": "Progress Sitefinity には、認証に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Progress Software Corporation", - "ProductName": "Sitefinity", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:progress:sitefinity" - }, - "VersionNumber": [ - "9.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Progress", - "VulinfoID": "Version notes", - "URL": "https://www.sitefinity.com/product/version-notes" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18179", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18179" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18179", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18179" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple vulnerabilities in Progress Sitefinity CMS", - "URL": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-287", - "Title": "不適切な認証", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-287.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:38+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:38+09:00", - "DateLastUpdated": "2018-03-22T11:31:38+09:00", - "DatePublic": "2017-08-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002072", - "VulinfoData": { - "Title": "WonderCMS におけるクロスサイトスクリプティングの脆弱性", - "Overview": "WonderCMS には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "WonderCMS", - "ProductName": "WonderCMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wondercms:wondercms" - }, - "VersionNumber": [ - "2.4.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "4.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "private static function uploadFileAction()", - "URL": "https://github.com/robiso/wondercms/blob/ea640a02b4b8d88835d2e01600d24b23176fb665/index.php#L737" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "[SVG feature - public discussion] SVG XSS on file upload #56", - "URL": "https://github.com/robiso/wondercms/issues/56" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000062", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000062" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000062", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000062" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:39+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:39+09:00", - "DateLastUpdated": "2018-03-22T11:31:39+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002073", - "VulinfoData": { - "Title": "Joomla! 用 Form Maker コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Form Maker コンポーネントには、SQL インジェクションの脆弱性が存在します。 本脆弱性は、CVE-2015-2798 とは異なる脆弱性です。", - "Affected": [ - { - "Name": "Web-Dorado", - "ProductName": "Form Maker", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:web-dorado:form_maker" - }, - "VersionNumber": [ - "3.6.12" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Form Maker", - "URL": "https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/form-maker/" - }, - { - "Type": "vendor", - "Name": "Web-Dorado", - "VulinfoID": "Form Maker", - "URL": "https://web-dorado.com/products/joomla-form.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5991", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5991" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5991", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5991" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Form Maker 3.6.12 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44111/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:36+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:36+09:00", - "DateLastUpdated": "2018-03-22T11:59:36+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002074", - "VulinfoData": { - "Title": "Joomla! 用 JS Jobs コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JS Jobs コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Joom Sky", - "ProductName": "JS Jobs", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:joomsky:js_jobs" - }, - "VersionNumber": [ - "1.1.9" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joom Sky", - "VulinfoID": "JS Jobs", - "URL": "http://www.joomsky.com/products/js-jobs.html" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "JS Jobs", - "URL": "https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5994", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5994" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5994", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5994" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component JS Jobs 1.1.9 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44120/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:59:37+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:59:37+09:00", - "DateLastUpdated": "2018-03-22T11:59:37+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012532", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における入力確認に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5780", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5780" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5780", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5780" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:44+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:44+09:00", - "DateLastUpdated": "2018-03-22T10:40:44+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012533", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment におけるクロスサイトリクエストフォージェリの脆弱性", - "Overview": "HPE Matrix Operating Environment には、クロスサイトリクエストフォージェリの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5781", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5781" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5781", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5781" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-352", - "Title": "クロスサイトリクエストフォージェリ", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-352.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:45+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:45+09:00", - "DateLastUpdated": "2018-03-22T10:40:45+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012534", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における入力確認に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "BaseScore": "5.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5782", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5782" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5782", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5782" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:46+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:46+09:00", - "DateLastUpdated": "2018-03-22T10:40:46+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012535", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における入力確認に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "BaseScore": "5.3", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5783", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5783" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5783", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5783" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:47+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:47+09:00", - "DateLastUpdated": "2018-03-22T10:40:47+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012536", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における入力確認に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", - "BaseScore": "5.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5784", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5784" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5784", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5784" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:48+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:48+09:00", - "DateLastUpdated": "2018-03-22T10:40:48+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012537", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における情報漏えいに関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "BaseScore": "6.4", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-5785", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5785" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-5785", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5785" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:40:49+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:40:49+09:00", - "DateLastUpdated": "2018-03-22T10:40:49+09:00", - "DatePublic": "2017-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012538", - "VulinfoData": { - "Title": "Progress Sitefinity におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Progress Sitefinity には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Progress Software Corporation", - "ProductName": "Sitefinity", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:progress:sitefinity" - }, - "VersionNumber": [ - "9.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Progress", - "VulinfoID": "Version notes", - "URL": "https://www.sitefinity.com/product/version-notes" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18175", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18175" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18175", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18175" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple vulnerabilities in Progress Sitefinity CMS", - "URL": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:33+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:33+09:00", - "DateLastUpdated": "2018-03-22T11:31:33+09:00", - "DatePublic": "2017-08-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012539", - "VulinfoData": { - "Title": "Progress Sitefinity におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Progress Sitefinity には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Progress Software Corporation", - "ProductName": "Sitefinity", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:progress:sitefinity" - }, - "VersionNumber": [ - "9.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Progress", - "VulinfoID": "Version notes", - "URL": "https://www.sitefinity.com/product/version-notes" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-18176", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18176" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-18176", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18176" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Multiple vulnerabilities in Progress Sitefinity CMS", - "URL": "https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-progress-sitefinity/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T11:31:35+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T11:31:35+09:00", - "DateLastUpdated": "2018-03-22T11:31:35+09:00", - "DatePublic": "2017-08-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002070", - "VulinfoData": { - "Title": "Joomla! 用 CW Tags コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 CW Tags コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "CW Joomla", - "ProductName": "CW Tags", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:cwjoomla:cw_tags" - }, - "VersionNumber": [ - "2.0.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "CW Joomla", - "VulinfoID": "Top Page", - "URL": "http://www.cwjoomla.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7313", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7313" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7313", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7313" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component CW Tags 2.0.6 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44158/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:28+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:28+09:00", - "DateLastUpdated": "2018-03-22T10:26:28+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002071", - "VulinfoData": { - "Title": "Pluck におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Pluck には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Pluck CMS", - "ProductName": "Pluck", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:pluck-cms:pluck" - }, - "VersionNumber": [ - "4.7.4 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "CVE-2018-7197 Stored XSS in admin/blog reaction post due to Unsantized Url embedding #47", - "URL": "https://github.com/pluck-cms/pluck/issues/47" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7197", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7197" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7197", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7197" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:27:26+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:27:26+09:00", - "DateLastUpdated": "2018-03-22T10:27:26+09:00", - "DatePublic": "2018-02-18T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2015-008111", - "VulinfoData": { - "Title": "WordPress 用 Photo Gallery プラグインにおけるクロスサイトスクリプティングの脆弱性", - "Overview": "WordPress 用 Photo Gallery プラグインには、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Web-Dorado", - "ProductName": "Photo Gallery", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:web-dorado:photo_gallery_plugin" - }, - "VersionNumber": [ - "1.2.13 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "webdorado New release", - "URL": "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt" - }, - { - "Type": "vendor", - "Name": "Web-Dorado", - "VulinfoID": "WordPress Photo Gallery Plugin", - "URL": "https://web-dorado.com/products/wordpress-photo-gallery-plugin.html" - }, - { - "Type": "vendor", - "Name": "WordPress Plugin Directory", - "VulinfoID": "Photo Gallery by WD - Responsive Photo Gallery", - "URL": "https://wordpress.org/plugins/photo-gallery/#changelog" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2015-2324", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2324" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2015-2324", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2015-2324" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:20+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:20+09:00", - "DateLastUpdated": "2018-03-22T10:26:20+09:00", - "DatePublic": "2015-08-12T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008918", - "VulinfoData": { - "Title": "dotCMS における SQL インジェクションの脆弱性", - "Overview": "dotCMS には、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "dotCMS", - "ProductName": "dotCMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:dotcms:dotcms" - }, - "VersionNumber": [ - "3.7.2 未満", - "4.1.1 未満の 4.x" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "7.2", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "dotCMS", - "VulinfoID": "Top Page", - "URL": "https://www.dotcms.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-10007", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10007" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-10007", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10007" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "CVE-2016-10007 and CVE-2016-10008 - 2 SQL injection vulnerabilities in dotCMS, blacklist defence bypass", - "URL": "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:22+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:22+09:00", - "DateLastUpdated": "2018-03-22T10:26:22+09:00", - "DatePublic": "2016-06-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008919", - "VulinfoData": { - "Title": "dotCMS における SQL インジェクションの脆弱性", - "Overview": "dotCMS には、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "dotCMS", - "ProductName": "dotCMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:dotcms:dotcms" - }, - "VersionNumber": [ - "3.7.2 未満", - "4.1.1 未満の 4.x" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "7.2", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "dotCMS", - "VulinfoID": "Top Page", - "URL": "https://www.dotcms.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-10008", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10008" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-10008", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10008" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "CVE-2016-10007 and CVE-2016-10008 - 2 SQL injection vulnerabilities in dotCMS, blacklist defence bypass", - "URL": "https://security.elarlang.eu/cve-2016-10007-and-cve-2016-10008-2-sql-injection-vulnerabilities-in-dotcms-blacklist-defence-bypass.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:23+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:23+09:00", - "DateLastUpdated": "2018-03-22T10:26:23+09:00", - "DatePublic": "2016-06-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012531", - "VulinfoData": { - "Title": "Kubik-Rubik SIGE におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Kubik-Rubik SIGE (別名 Simple Image Gallery Extended) には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "Kubik-Rubik", - "ProductName": "SIGE", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:kubik-rubik:simple_image_gallery_extended" - }, - "VersionNumber": [ - "3.3.0 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Kubik-Rubik", - "VulinfoID": "SIGE - Simple Image Gallery Extended", - "URL": "https://joomla-extensions.kubik-rubik.de/sige-simple-image-gallery-extended" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-16356", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16356" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-16356", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-16356" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla Kubik-Rubik SIGE 3.2.3 Cross Site Scripting", - "URL": "http://packetstormsecurity.com/files/146422/Joomla-Kubik-Rubik-SIGE-3.2.3-Cross-Site-Scripting.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:24+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:24+09:00", - "DateLastUpdated": "2018-03-22T10:26:24+09:00", - "DatePublic": "2017-11-01T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002064", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の JavaScript エンジンにおけるコードを破損される脆弱性", - "Overview": "Adobe Reader および Acrobat の JavaScript エンジンには、ヒープオーバーフローにより、コードを破損される、制御フローをハイジャックされる、またはコードを再利用される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "オプションコンテンツグループ (optional content group (OCG)) を操作する巧妙に細工された JavaScript コードを持つ PDF ファイルを介して、コードを破損される、制御フローをハイジャックされる、またはコードを再利用される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4910", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4910" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4910", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4910" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T18:11:05+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T18:11:05+09:00", - "DateLastUpdated": "2018-03-20T18:11:05+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002065", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat におけるコードを破損される脆弱性", - "Overview": "Adobe Reader および Acrobat には、解放済みメモリの使用 (use-after-free) により、コードを破損される、制御フローをハイジャックされる、またはコードを再利用される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "PDF ファイルに埋め込まれた巧妙に細工された JavaScript コードを介して、コードを破損される、制御フローをハイジャックされる、またはコードを再利用される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4911", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4911" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4911", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4911" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-416", - "Title": "解放済みメモリの使用", - "URL": "https://cwe.mitre.org/data/definitions/416.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T18:11:06+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T18:11:06+09:00", - "DateLastUpdated": "2018-03-20T18:11:06+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002066", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4912", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4912" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4912", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4912" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T18:11:08+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T18:11:08+09:00", - "DateLastUpdated": "2018-03-20T18:11:08+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002067", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XFA エンジンにおける任意のコードを実行される脆弱性", - "Overview": "Adobe Reader および Acrobat の XFA エンジンには、DOM の操作 (DOM manipulation) に関する処理に不備があるため、解放済みメモリの使用 (use-after-free) により、任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "巧妙に細工された PDF ファイルの XFA スクリプト定義 (XFA script definition) を介して、任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4913", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4913" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4913", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4913" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-416", - "Title": "解放済みメモリの使用", - "URL": "https://cwe.mitre.org/data/definitions/416.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T18:11:09+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T18:11:09+09:00", - "DateLastUpdated": "2018-03-20T18:11:09+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002068", - "VulinfoData": { - "Title": "October CMS におけるクロスサイトスクリプティングの脆弱性", - "Overview": "October CMS には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "OctoberCMS", - "ProductName": "October", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:octobercms:october" - }, - "VersionNumber": [ - "1.0.431 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "octobercms", - "VulinfoID": "Top Page", - "URL": "https://octobercms.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7198", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7198" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7198", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7198" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "HTML Injection- October CMS", - "URL": "http://securitywarrior9.blogspot.jp/2018/02/html-injection-october-cms.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:25+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:25+09:00", - "DateLastUpdated": "2018-03-22T10:26:25+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002069", - "VulinfoData": { - "Title": "WordPress 用 Ninja Forms プラグインにおけるクロスサイトスクリプティングの脆弱性", - "Overview": "WordPress 用 Ninja Forms プラグインには、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "WP Ninjas, LLC.", - "ProductName": "Ninja Forms", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ninjaforms:ninja_forms" - }, - "VersionNumber": [ - "3.2.14 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Ninja Forms", - "VulinfoID": "Top Page", - "URL": "https://ninjaforms.com/" - }, - { - "Type": "vendor", - "Name": "WordPress Plugin Directory", - "VulinfoID": "Ninja Forms", - "URL": "https://wordpress.org/plugins/ninja-forms/#developers" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7280", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7280" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7280", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7280" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-22T10:26:26+09:00", - "Description": "[2018年03月22日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-22T10:26:26+09:00", - "DateLastUpdated": "2018-03-22T10:26:26+09:00", - "DatePublic": "2018-02-20T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002054", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat におけるセキュリティを回避される脆弱性", - "Overview": "Adobe Reader および Acrobat には、クロスコールの処理に不備があるため、セキュリティを回避され、サンドボックスをエスケープされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "セキュリティを回避され、サンドボックスをエスケープされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "BaseScore": "10", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4872", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4872" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4872", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4872" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-254", - "Title": "セキュリティ機能", - "URL": "https://cwe.mitre.org/data/definitions/254.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:28+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:28+09:00", - "DateLastUpdated": "2018-03-20T17:58:28+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002055", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat には、対象のバッファの終端を越えてデータを書き込まれるため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4879", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4879" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4879", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4879" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:29+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:29+09:00", - "DateLastUpdated": "2018-03-20T17:58:29+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002056", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を公開される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を公開される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を公開される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4880", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4880" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4880", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4880" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:31+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:31+09:00", - "DateLastUpdated": "2018-03-20T17:58:31+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002057", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを書き込まれるため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4898", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4898" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4898", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4898" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:32+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:32+09:00", - "DateLastUpdated": "2018-03-20T17:58:32+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002058", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XPS ページ処理における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の XPS ページ処理は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4899", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4899" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4899", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4899" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:33+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:33+09:00", - "DateLastUpdated": "2018-03-20T17:58:33+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002059", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の Annotation オブジェクトの JavaScript 操作における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の Annotation オブジェクトの JavaScript 操作は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4900", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4900" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4900", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4900" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:34+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:34+09:00", - "DateLastUpdated": "2018-03-20T17:58:34+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002060", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4914", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4914" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4914", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4914" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:35+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:35+09:00", - "DateLastUpdated": "2018-03-20T17:58:35+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002061", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを書き込むため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4915", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4915" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4915", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4915" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:36+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:36+09:00", - "DateLastUpdated": "2018-03-20T17:58:36+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002062", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを書き込むため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4916", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4916" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4916", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4916" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:58:38+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:58:38+09:00", - "DateLastUpdated": "2018-03-20T17:58:38+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002063", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4909", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4909" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4909", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4909" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T18:11:04+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T18:11:04+09:00", - "DateLastUpdated": "2018-03-20T18:11:04+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002044", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4887", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4887" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4887", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4887" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:55+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:55+09:00", - "DateLastUpdated": "2018-03-20T17:22:55+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002045", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における任意のコードを実行される脆弱性", - "Overview": "Adobe Reader および Acrobat には、解放済みメモリの使用 (Use-after-free) により、任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "XFA エンジンでメモリアクセス違反の例外を引き起こす巧妙に細工された PDF ファイルを介して、任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4888", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4888" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4888", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4888" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-416", - "Title": "解放済みメモリの使用", - "URL": "https://cwe.mitre.org/data/definitions/416.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:57+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:57+09:00", - "DateLastUpdated": "2018-03-20T17:22:57+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002046", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4889", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4889" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4889", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4889" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:58+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:58+09:00", - "DateLastUpdated": "2018-03-20T17:22:58+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002047", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat におけるコードを破損される脆弱性", - "Overview": "Adobe Reader および Acrobat には、XPS ファイルに埋め込まれた JPEG データを処理する際、ヒープオーバーフローにより、コードを破損される、制御フローをハイジャックされる、または情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "コードを破損される、制御フローをハイジャックされる、または情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4890", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4890" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4890", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4890" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:59+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:59+09:00", - "DateLastUpdated": "2018-03-20T17:22:59+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002048", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4891", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4891" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4891", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4891" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:23:00+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:23:00+09:00", - "DateLastUpdated": "2018-03-20T17:23:00+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002049", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の JBIG2 デコーダにおける任意のコードを実行される脆弱性", - "Overview": "Adobe Reader および Acrobat の JBIG2 デコーダには、解放済みメモリの使用 (use-after-free) により、任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "不正な形式の JBIG2 ストリームを含む巧妙に細工された PDF ファイルを介して、任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4892", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4892" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4892", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4892" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-416", - "Title": "解放済みメモリの使用", - "URL": "https://cwe.mitre.org/data/definitions/416.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:23:01+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:23:01+09:00", - "DateLastUpdated": "2018-03-20T17:23:01+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002050", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat には、ヒープオーバーフローにより、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "XPS ファイルの巧妙に細工された TIFF データを介して、メモリの境界外アクセスを引き起こされることで、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4904", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4904" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4904", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4904" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:50:57+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:50:57+09:00", - "DateLastUpdated": "2018-03-20T17:50:57+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002051", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4906", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4906" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4906", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4906" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:50:58+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:50:58+09:00", - "DateLastUpdated": "2018-03-20T17:50:58+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002052", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4907", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4907" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4907", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4907" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:50:59+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:50:59+09:00", - "DateLastUpdated": "2018-03-20T17:50:59+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002053", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4908", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4908" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4908", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4908" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:51:00+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:51:00+09:00", - "DateLastUpdated": "2018-03-20T17:51:00+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002034", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを書き込むため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4901", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4901" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4901", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4901" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:08:01+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:08:01+09:00", - "DateLastUpdated": "2018-03-20T17:08:01+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002035", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における任意のコードを実行される脆弱性", - "Overview": "Adobe Reader および Acrobat には、解放済みメモリの使用 (use-after-free) により、任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "埋め込まれた JavaScript によって起動されるビデオアノテーション (および対応するメディアファイル) を含む巧妙に細工された PDF ファイルを介して、任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4902", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4902" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4902", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4902" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-416", - "Title": "解放済みメモリの使用", - "URL": "https://cwe.mitre.org/data/definitions/416.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:08:02+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:08:02+09:00", - "DateLastUpdated": "2018-03-20T17:08:02+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002036", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XPS モジュールの TIFF 処理における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の XPS モジュールの TIFF 処理は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4903", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4903" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4903", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4903" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T11:37:45+09:00", - "Description": "[2018年03月20日] 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:11:19+09:00", - "DateLastUpdated": "2018-03-20T17:11:19+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002037", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XPS モジュールの TIFF 処理における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の XPS モジュールの TIFF 処理は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4905", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4905" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4905", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4905" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T11:20:45+09:00", - "Description": "[2018年03月20日] 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:12:08+09:00", - "DateLastUpdated": "2018-03-20T17:12:08+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002038", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4881", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4881" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4881", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4881" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:49+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:49+09:00", - "DateLastUpdated": "2018-03-20T17:22:49+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002039", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の文字列リテラルのパーサにおける重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の文字列リテラルのパーサは、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4882", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4882" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4882", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4882" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:50+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:50+09:00", - "DateLastUpdated": "2018-03-20T17:22:50+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002040", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat には、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4883", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4883" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4883", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4883" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:51+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:51+09:00", - "DateLastUpdated": "2018-03-20T17:22:51+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002041", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4884", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4884" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4884", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4884" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:52+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:52+09:00", - "DateLastUpdated": "2018-03-20T17:22:52+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002042", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4885", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4885" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4885", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4885" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:53+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:53+09:00", - "DateLastUpdated": "2018-03-20T17:22:53+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002043", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4886", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4886" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4886", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4886" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:22:54+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:22:54+09:00", - "DateLastUpdated": "2018-03-20T17:22:54+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012525", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump におけるアクセス制御に関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.1", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12720", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12720" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12720", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12720" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-284", - "Title": "不適切なアクセス制御", - "URL": "https://cwe.mitre.org/data/definitions/284.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:40+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:40+09:00", - "DateLastUpdated": "2018-03-19T18:09:40+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012526", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump における証明書検証に関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、証明書検証に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "5.9", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12721", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12721" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12721", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12721" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-295", - "Title": "不正な証明書検証", - "URL": "https://cwe.mitre.org/data/definitions/295.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:41+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:41+09:00", - "DateLastUpdated": "2018-03-19T18:09:41+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012527", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump における情報漏えいに関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", - "BaseScore": "3.7", - "Severity": "Low" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12723", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12723" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12723", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12723" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:42+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:42+09:00", - "DateLastUpdated": "2018-03-19T18:09:42+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012528", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump におけるハードコードされた認証情報の使用に関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、ハードコードされた認証情報の使用に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.1", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12724", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12724" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12724", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12724" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-798", - "Title": "ハードコードされた認証情報の使用", - "URL": "https://cwe.mitre.org/data/definitions/798.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:44+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:44+09:00", - "DateLastUpdated": "2018-03-19T18:09:44+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012529", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump におけるハードコードされた認証情報の使用に関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、ハードコードされた認証情報の使用に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12725", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12725" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12725", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12725" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-798", - "Title": "ハードコードされた認証情報の使用", - "URL": "https://cwe.mitre.org/data/definitions/798.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:45+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:45+09:00", - "DateLastUpdated": "2018-03-19T18:09:45+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012530", - "VulinfoData": { - "Title": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump におけるハードコードされた認証情報の使用に関する脆弱性", - "Overview": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump には、ハードコードされた認証情報の使用に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Smiths Medical", - "ProductName": "Medfusion 4000 Wireless Syringe Infusion Pump", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump" - }, - "VersionNumber": [ - "1.1", - "1.5", - "1.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "BaseScore": "7.3", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Smiths Medical", - "VulinfoID": "Medfusion 4000 Wireless Syringe Infusion Pump", - "URL": "https://www.smiths-medical.com/products/infusion/syringe-infusion/syringe-infusion-pumps/medfusion-4000-wireless-syringe-infusion-pump" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12726", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12726" - }, - { - "Type": "advisory", - "Name": "ICS-CERT ADVISORY", - "VulinfoID": "ICSMA-17-250-02A", - "URL": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12726", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12726" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-798", - "Title": "ハードコードされた認証情報の使用", - "URL": "https://cwe.mitre.org/data/definitions/798.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T18:09:46+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T18:09:46+09:00", - "DateLastUpdated": "2018-03-19T18:09:46+09:00", - "DatePublic": "2017-09-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002030", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XPS フォント処理における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の XPS フォント処理は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4893", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4893" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4893", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4893" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:07:56+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:07:56+09:00", - "DateLastUpdated": "2018-03-20T17:07:56+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002031", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat の XPS フォント処理における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat の XPS フォント処理は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4894", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4894" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4894", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4894" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:07:57+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:07:57+09:00", - "DateLastUpdated": "2018-03-20T17:07:57+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002032", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要なデータを破壊される脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを書き込むため、重要なデータを破壊される、または任意のコードを実行される脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "攻撃者により、重要なデータを破壊される、または任意のコードを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "BaseScore": "10", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4895", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4895" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4895", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4895" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-787", - "Title": "境界外書き込み", - "URL": "https://cwe.mitre.org/data/definitions/787.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:07:59+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:07:59+09:00", - "DateLastUpdated": "2018-03-20T17:07:59+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002033", - "VulinfoData": { - "Title": "Adobe Reader および Acrobat における重要な情報を漏えいされる脆弱性", - "Overview": "Adobe Reader および Acrobat は、対象のバッファの終端を越えてデータを読み取るため、重要な情報を漏えいされる脆弱性が存在します。", - "Affected": [ - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Acrobat Reader DC", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader_dc" - }, - "VersionNumber": [ - "(Classic Track) 2015.006.30413 未満 (Windows)", - "(Classic Track) 2015.006.30416 未満 (Macintosh)", - "(Continuous Track) 2018.011.20035 未満 (Windows/Macintosh)" - ] - }, - { - "Name": "アドビシステムズ", - "ProductName": "Adobe Reader", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:adobe:acrobat_reader" - }, - "VersionNumber": [ - "2017 2017.011.30078 未満 (Windows/Macintosh)" - ] - } - ], - "Impact": { - "Description": "重要な情報を漏えいされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Adobe Security Bulletin", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "Adobe セキュリティ情報", - "VulinfoID": "APSB18-02", - "URL": "https://helpx.adobe.com/jp/security/products/acrobat/apsb18-02.html" - }, - { - "Type": "vendor", - "Name": "富士通 セキュリティ情報", - "VulinfoID": "アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせ", - "URL": "http://www.fmworld.net/biz/common/adobe/20180215.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-4896", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4896" - }, - { - "Type": "advisory", - "Name": "IPA 重要なセキュリティ情報", - "VulinfoID": "Adobe Reader および Acrobat の脆弱性対策について(APSB18-02)(CVE-2018-4872等)", - "URL": "https://www.ipa.go.jp/security/ciadr/vul/20180214-adobereader.html" - }, - { - "Type": "advisory", - "Name": "JPCERT 注意喚起", - "VulinfoID": "JPCERT-AT-2018-0007", - "URL": "http://www.jpcert.or.jp/at/2018/at180007.html" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-4896", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-4896" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-20T17:08:00+09:00", - "Description": "[2018年03月20日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-20T17:08:00+09:00", - "DateLastUpdated": "2018-03-20T17:08:00+09:00", - "DatePublic": "2018-02-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008914", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における情報漏えいに関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "BaseScore": "5.3", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8531", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8531" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8531", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8531" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:51:45+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:51:45+09:00", - "DateLastUpdated": "2018-03-19T17:51:45+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008915", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8533", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8533" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8533", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8533" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:51:46+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:51:46+09:00", - "DateLastUpdated": "2018-03-19T17:51:46+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008916", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", - "BaseScore": "6.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8534", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8534" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8534", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8534" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:51:47+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:51:47+09:00", - "DateLastUpdated": "2018-03-19T17:51:47+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2016-008917", - "VulinfoData": { - "Title": "HPE Matrix Operating Environment における入力確認に関する脆弱性", - "Overview": "HPE Matrix Operating Environment には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "HPE Matrix Operating Environment", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:matrix_operating_environment" - }, - "VersionNumber": [ - "7.6" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", - "BaseScore": "3.5", - "Severity": "Low" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPSBMU03692", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2016-8535", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8535" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2016-8535", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2016-8535" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:51:48+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:51:48+09:00", - "DateLastUpdated": "2018-03-19T17:51:48+09:00", - "DatePublic": "2016-10-07T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012523", - "VulinfoData": { - "Title": "HPE System Management Homepage における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE System Management Homepage には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:C/I:C/A:N", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12553", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12553" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12553", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12553" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:55+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:55+09:00", - "DateLastUpdated": "2018-03-19T17:21:55+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012524", - "VulinfoData": { - "Title": "Huawei TE60 および ViewPoint 9030 のソフトウェアにおけるリソース管理に関する脆弱性", - "Overview": "Huawei TE60 および ViewPoint 9030 のソフトウェアには、リソース管理に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Huawei", - "ProductName": "TE60 ファームウェア", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:huawei:te60_firmware" - }, - "VersionNumber": [ - "V600R006C00" - ] - }, - { - "Name": "Huawei", - "ProductName": "ViewPoint 9030 ファームウェア", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:huawei:viewpoint_9030_firmware" - }, - "VersionNumber": [ - "V100R011C02", - "V100R011C03" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Security Advisory", - "VulinfoID": "huawei-sa-20171213-01-ldap", - "URL": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-01-ldap-en" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-17290", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17290" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-17290", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17290" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-399", - "Title": "リソース管理の問題", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-399.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:55:44+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:55:44+09:00", - "DateLastUpdated": "2018-03-19T17:55:44+09:00", - "DatePublic": "2017-12-13T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002026", - "VulinfoData": { - "Title": "Joomla! 用 AllVideos Reloaded コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 AllVideos Reloaded コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "AllVideos Reloaded project", - "ProductName": "AllVideos Reloaded", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:allvideos_reloaded_project:allvideos_reloaded" - }, - "VersionNumber": [ - "1.2.x" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "JoomlaCode.org", - "VulinfoID": "AllVideos Reloaded", - "URL": "http://joomlacode.org/gf/project/allvideos15/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5990", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5990" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5990", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5990" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44107/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:54:24+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:54:24+09:00", - "DateLastUpdated": "2018-03-19T17:54:24+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002027", - "VulinfoData": { - "Title": "Joomla! 用 Staff Master コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Staff Master コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Staff Master project", - "ProductName": "Staff Master", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:staff_master_project:staff_master" - }, - "VersionNumber": [ - "1.0 RC 1 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Vulnerable Extensions List", - "VulinfoID": "Staff Master", - "URL": "https://vel.joomla.org/abandonware/2101-staff-master" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5992", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5992" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5992", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5992" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Staff Master 1.0 RC 1 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44129/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:54:25+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:54:25+09:00", - "DateLastUpdated": "2018-03-19T17:54:25+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002028", - "VulinfoData": { - "Title": "Joomla! 用 File Download Tracker コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 File Download Tracker コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "SLAB Techsol System", - "ProductName": "File download tracker", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:techsolsystem:file_download_tracker" - }, - "VersionNumber": [ - "3.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "File download tracker", - "URL": "https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/file-download-tracker/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6004", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6004" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6004", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6004" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component File Download Tracker 3.0 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44110/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:54:26+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:54:26+09:00", - "DateLastUpdated": "2018-03-19T17:54:26+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002029", - "VulinfoData": { - "Title": "Joomla! 用 Realpin コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Realpin コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "realpin.frumania.com", - "ProductName": "RealPin", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:realpin_project:realpin" - }, - "VersionNumber": [ - "1.5.04 まで" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Realpin", - "URL": "https://extensions.joomla.org/extensions/extension/multimedia/multimedia-display/realpin/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6005", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6005" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6005", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6005" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Realpin 1.5.04 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44125/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:54:28+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:54:28+09:00", - "DateLastUpdated": "2018-03-19T17:54:28+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012514", - "VulinfoData": { - "Title": "HPE System Management Homepage におけるクロスサイトスクリプティングの脆弱性", - "Overview": "HPE System Management Homepage には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:S/C:N/I:P/A:N", - "BaseScore": "3.5", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "5.4", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12544", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12544" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12544", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12544" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:45+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:45+09:00", - "DateLastUpdated": "2018-03-19T17:21:45+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012515", - "VulinfoData": { - "Title": "HPE System Management Homepage における NULL ポインタデリファレンスに関する脆弱性", - "Overview": "HPE System Management Homepage には、NULL ポインタデリファレンスに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", - "BaseScore": "7.8", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12545", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12545" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12545", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12545" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-476", - "Title": "NULL ポインタデリファレンス", - "URL": "http://cwe.mitre.org/data/definitions/476.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:46+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:46+09:00", - "DateLastUpdated": "2018-03-19T17:21:46+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012516", - "VulinfoData": { - "Title": "HPE System Management Homepage におけるバッファエラーの脆弱性", - "Overview": "HPE System Management Homepage には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:C/I:C/A:N", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12546", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12546" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12546", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12546" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:47+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:47+09:00", - "DateLastUpdated": "2018-03-19T17:21:47+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012517", - "VulinfoData": { - "Title": "HPE System Management Homepage における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE System Management Homepage には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:N/I:C/A:C", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12547", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12547" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12547", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12547" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:49+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:49+09:00", - "DateLastUpdated": "2018-03-19T17:21:49+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012518", - "VulinfoData": { - "Title": "HPE System Management Homepage における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE System Management Homepage には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:N/I:C/A:C", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12548", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12548" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12548", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12548" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:50+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:50+09:00", - "DateLastUpdated": "2018-03-19T17:21:50+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012519", - "VulinfoData": { - "Title": "HPE System Management Homepage における認証に関する脆弱性", - "Overview": "HPE System Management Homepage には、認証に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:C/I:C/A:N", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12549", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12549" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12549", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12549" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-287", - "Title": "不適切な認証", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-287.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:51+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:51+09:00", - "DateLastUpdated": "2018-03-19T17:21:51+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012520", - "VulinfoData": { - "Title": "HPE System Management Homepage における環境設定に関する脆弱性", - "Overview": "HPE System Management Homepage には、環境設定に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:N/I:C/A:C", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12550", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12550" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12550", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12550" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-16", - "Title": "環境設定", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-16.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:52+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:52+09:00", - "DateLastUpdated": "2018-03-19T17:21:52+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012521", - "VulinfoData": { - "Title": "HPE System Management Homepage における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE System Management Homepage には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:N/I:C/A:C", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12551", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12551" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12551", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12551" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:53+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:53+09:00", - "DateLastUpdated": "2018-03-19T17:21:53+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012522", - "VulinfoData": { - "Title": "HPE System Management Homepage における認可・権限・アクセス制御に関する脆弱性", - "Overview": "HPE System Management Homepage には、認可・権限・アクセス制御に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "System Management Homepage", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:hp:system_management_homepage" - }, - "VersionNumber": [ - "7.6.1 未満 (Windows/Linux)" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:H/Au:S/C:N/I:C/A:C", - "BaseScore": "5.5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", - "BaseScore": "5.6", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "HPE Security Bulletin", - "VulinfoID": "HPESBMU03753", - "URL": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-12552", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12552" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-12552", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12552" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T17:21:54+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T17:21:54+09:00", - "DateLastUpdated": "2018-03-19T17:21:54+09:00", - "DatePublic": "2017-09-26T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002025", - "VulinfoData": { - "Title": "Joomla! 用 OS Property Real Estate コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 OS Property Real Estate コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Ossolution Team", - "ProductName": "OS Property Real Estate", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:os_property_real_estate_project:os_property_real_estate" - }, - "VersionNumber": [ - "3.12.7" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "OS Property Real Estate", - "URL": "https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/os-property/" - }, - { - "Type": "vendor", - "Name": "Ossolution", - "VulinfoID": "Top Page", - "URL": "https://www.joomdonation.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7319", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7319" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7319", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7319" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44165/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:55+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:55+09:00", - "DateLastUpdated": "2018-03-19T16:59:55+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002015", - "VulinfoData": { - "Title": "Joomla! 用 MediaLibrary コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 MediaLibrary コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "OrdaSoft", - "ProductName": "MediaLibrary", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ordasoft:medialibrary" - }, - "VersionNumber": [ - "Free 4.0.12" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "MediaLibrary Basic", - "URL": "https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/" - }, - { - "Type": "vendor", - "Name": "OrdaSoft", - "VulinfoID": "Media Library - Joomla extension", - "URL": "http://ordasoft.com/media-library-joomla-extension" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5971", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5971" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5971", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5971" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44122/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:44+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:44+09:00", - "DateLastUpdated": "2018-03-19T16:59:44+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002016", - "VulinfoData": { - "Title": "Joomla! 用 JGive コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 JGive コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Techjoomla", - "ProductName": "JGive", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:techjoomla:jgive" - }, - "VersionNumber": [ - "2.0.9" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "jGive", - "URL": "https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/" - }, - { - "Type": "vendor", - "Name": "Techjoomla", - "VulinfoID": "JGive", - "URL": "https://techjoomla.com/products/jgive" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5970", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5970" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5970", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5970" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component jGive 2.0.9 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44116/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:45+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:45+09:00", - "DateLastUpdated": "2018-03-19T16:59:45+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002017", - "VulinfoData": { - "Title": "Joomla! 用 Saxum Numerology コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Saxum Numerology コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Saxum 2003", - "ProductName": "Saxum Numerology", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:saxum2003:numerology" - }, - "VersionNumber": [ - "3.0.4" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Saxum 2003", - "VulinfoID": "Saxum Numerology", - "URL": "http://www.saxum2003.hu/en/introen/56-numerology-en.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7177", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7177" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7177", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7177" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Saxum Numerology 3.0.4 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44134/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:46+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:46+09:00", - "DateLastUpdated": "2018-03-19T16:59:46+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002018", - "VulinfoData": { - "Title": "Joomla! 用 Saxum Picker コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Saxum Picker コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Saxum 2003", - "ProductName": "Saxum Picker", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:saxum2003:saxum_picker" - }, - "VersionNumber": [ - "3.2.10" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Saxum 2003", - "VulinfoID": "Saxum Picker", - "URL": "http://www.saxum2003.hu/en/introen/55-picker-en.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7178", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7178" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7178", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7178" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Saxum Picker 3.2.10 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44136/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:47+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:47+09:00", - "DateLastUpdated": "2018-03-19T16:59:47+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002019", - "VulinfoData": { - "Title": "Joomla! 用 SquadManagement コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 SquadManagement コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Lars Hildebrandt", - "ProductName": "SquadManagement!", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:squadmanagement_project:squadmanagement" - }, - "VersionNumber": [ - "1.0.3" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "SquadManagement!", - "URL": "https://extensions.joomla.org/extensions/extension/sports-a-games/sports/squadmanagement/" - }, - { - "Type": "vendor", - "Name": "Lars Hildebrandt", - "VulinfoID": "SquadManagement! for Joomla", - "URL": "http://www.larshildebrandt.de/joomla/components/squadmanagement-for-joomla.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7179", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7179" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7179", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7179" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component SquadManagement 1.0.3 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44135/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:48+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:48+09:00", - "DateLastUpdated": "2018-03-19T16:59:48+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002020", - "VulinfoData": { - "Title": "Joomla! 用 Saxum Astro コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Saxum Astro コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Saxum 2003", - "ProductName": "Saxum Astro", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:saxum2003:astro" - }, - "VersionNumber": [ - "4.0.14" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Saxum 2003", - "VulinfoID": "Saxum Astro", - "URL": "http://www.saxum2003.hu/en/introen/57-astro-en.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7180", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7180" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7180", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7180" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Saxum Astro 4.0.14 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44133/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:49+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:49+09:00", - "DateLastUpdated": "2018-03-19T16:59:49+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002021", - "VulinfoData": { - "Title": "Joomla! 用 Project Log コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Project Log コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "TheThinkery LLC", - "ProductName": "Project Log", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:thethinkery:project_log" - }, - "VersionNumber": [ - "1.5.3" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Project Log", - "URL": "https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/project-log/" - }, - { - "Type": "vendor", - "Name": "theThinkery", - "VulinfoID": "About Project Log", - "URL": "https://extensions.thethinkery.net/about-projectlog" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6024", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6024" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6024", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6024" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Project Log 1.5.3 SQL Injection", - "URL": "https://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:50+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:50+09:00", - "DateLastUpdated": "2018-03-19T16:59:50+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002022", - "VulinfoData": { - "Title": "Joomla! 用 Alexandria Book Library コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Alexandria Book Library コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Federica Ugolotti", - "ProductName": "Alexandria Book Library", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:alexandriabooklibrary:alexandria_book_library" - }, - "VersionNumber": [ - "3.1.2" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Federica Ugolotti", - "VulinfoID": "Alexandria Book Library", - "URL": "https://alexandriabooklibrary.org/en/" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Alexandria Book Library", - "URL": "https://extensions.joomla.org/extensions/extension/living/education-a-culture/alexandria-book-library/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7312", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7312" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7312", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7312" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Alexandria Book Library 3.1.2 - 'letter' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44162/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:51+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:51+09:00", - "DateLastUpdated": "2018-03-19T16:59:51+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002023", - "VulinfoData": { - "Title": "Joomla! 用 Ek Rishta コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Ek Rishta コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Harmis Technology", - "ProductName": "Ek Rishta", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ek_rishta_project:ek_rishta" - }, - "VersionNumber": [ - "2.9" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Harmis Technology", - "VulinfoID": "Ek Rishta", - "URL": "https://www.joomlaextensions.co.in/component/jeshop/product/Ek-Rishta?Itemid=1138" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Ek rishta", - "URL": "https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7315", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7315" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7315", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7315" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Ek Rishta 2.9 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44161/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:52+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:52+09:00", - "DateLastUpdated": "2018-03-19T16:59:52+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002024", - "VulinfoData": { - "Title": "Joomla! 用 CheckList コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 CheckList コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Belitsoft.", - "ProductName": "CheckList", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:belitsoft:checklist" - }, - "VersionNumber": [ - "1.1.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Belitsoft.", - "VulinfoID": "CheckList Joomla! Component", - "URL": "https://www.joomplace.com/joomla-components/checklist-extension.html" - }, - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "CheckList", - "URL": "https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7318", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7318" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7318", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7318" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component CheckList 1.1.1 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44163/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:53+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:53+09:00", - "DateLastUpdated": "2018-03-19T16:59:53+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002005", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "Thread: use wider variables to prevent overflow and infinite loops", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14428", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7330", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7330" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7330", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7330" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:55+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:55+09:00", - "DateLastUpdated": "2018-03-19T15:15:55+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002006", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "BER: Add a length check.", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14444", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7331", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7331" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7331", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7331" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:56+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:56+09:00", - "DateLastUpdated": "2018-03-19T15:15:56+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002007", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "RELOAD: Fix a length check.", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14445", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7332", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7332" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7332", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7332" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:57+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:57+09:00", - "DateLastUpdated": "2018-03-19T15:15:57+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002008", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "RPCoRDMA: Set an upper bound for our chunk size.", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14449", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7333", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7333" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7333", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7333" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:58+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:58+09:00", - "DateLastUpdated": "2018-03-19T15:15:58+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002009", - "VulinfoData": { - "Title": "Joomla! 用 Fastball コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Fastball コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Fastball Productions", - "ProductName": "Fastball", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:fastballproductions:fastball" - }, - "VersionNumber": [ - "2.5" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Fastball Productions", - "VulinfoID": "Top Page", - "URL": "http://www.fastballproductions.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6373", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6373" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6373", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6373" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Fastball 2.5 - 'season' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44109/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:37+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:37+09:00", - "DateLastUpdated": "2018-03-19T16:59:37+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002010", - "VulinfoData": { - "Title": "Joomla! 用 Gallery WD コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Gallery WD コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Web-Dorado", - "ProductName": "Gallery WD", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:web-dorado:gallery_wd" - }, - "VersionNumber": [ - "1.3.6" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Gallery WD", - "URL": "https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd/" - }, - { - "Type": "vendor", - "Name": "Web-Dorado", - "VulinfoID": "Gallery WD", - "URL": "https://web-dorado.com/products/joomla-gallery.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5981", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5981" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5981", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5981" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Gallery WD 1.3.6 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44112/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:38+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:38+09:00", - "DateLastUpdated": "2018-03-19T16:59:38+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002011", - "VulinfoData": { - "Title": "Joomla! 用 Solidres コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Solidres コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Solidres", - "ProductName": "Solidres", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:solidres:solidres" - }, - "VersionNumber": [ - "2.5.1" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Solidres", - "URL": "https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/" - }, - { - "Type": "vendor", - "Name": "Solidres", - "VulinfoID": "Top Page", - "URL": "https://www.solidres.com/" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5980", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5980" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5980", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5980" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Solidres 2.5.1 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44128/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:39+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:39+09:00", - "DateLastUpdated": "2018-03-19T16:59:39+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002012", - "VulinfoData": { - "Title": "Joomla! 用 Smart Shoutbox コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 Smart Shoutbox コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "The Krotek", - "ProductName": "Smart Shoutbox", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:thekrotek:smart_shoutbox" - }, - "VersionNumber": [ - "3.0.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "Smart Shoutbox", - "URL": "https://extensions.joomla.org/extension/smart-shoutbox/" - }, - { - "Type": "vendor", - "Name": "The Krotek", - "VulinfoID": "Smart Shoutbox", - "URL": "https://thekrotek.com/joomla-extensions/smart-shoutbox" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5975", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5975" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5975", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5975" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44127/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:41+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:41+09:00", - "DateLastUpdated": "2018-03-19T16:59:41+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002013", - "VulinfoData": { - "Title": "Joomla! 用 InviteX コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 InviteX コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "Techjoomla", - "ProductName": "InviteX", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:techjoomla:invitex" - }, - "VersionNumber": [ - "3.0.5" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Joomla! Extensions Directory", - "VulinfoID": "InviteX", - "URL": "https://extensions.joomla.org/extensions/extension/content-sharing/bookmark-a-recommend/invitex/" - }, - { - "Type": "vendor", - "Name": "Techjoomla", - "VulinfoID": "InviteX", - "URL": "https://techjoomla.com/products/invitex" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6394", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6394" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6394", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6394" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44114/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:42+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:42+09:00", - "DateLastUpdated": "2018-03-19T16:59:42+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002014", - "VulinfoData": { - "Title": "Joomla! 用 SimpleCalendar コンポーネントにおける SQL インジェクションの脆弱性", - "Overview": "Joomla! 用 SimpleCalendar コンポーネントには、SQL インジェクションの脆弱性が存在します。", - "Affected": [ - { - "Name": "albonico", - "ProductName": "SimpleCalendar", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:albonico:simplecalendar" - }, - "VersionNumber": [ - "3.1.9" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "7.5", - "Severity": "High" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "9.8", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FA Software", - "VulinfoID": "SimpleCalendar", - "URL": "http://software.albonico.ch/joomla-components/simplecalendar.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5974", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5974" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5974", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5974" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "Joomla! Component SimpleCalendar 3.1.9 - SQL Injection", - "URL": "https://www.exploit-db.com/exploits/44126/" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-89", - "Title": "SQLインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-89.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T16:59:43+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T16:59:43+09:00", - "DateLastUpdated": "2018-03-19T16:59:43+09:00", - "DatePublic": "2018-02-16T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001995", - "VulinfoData": { - "Title": "FFmpeg における境界外読み取りに関する脆弱性", - "Overview": "FFmpeg には、境界外読み取りに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "FFmpeg", - "ProductName": "FFmpeg", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ffmpeg:ffmpeg" - }, - "VersionNumber": [ - "3.4.2 まで" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "BaseScore": "6.5", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FFmpeg", - "VulinfoID": "avcodec/utvideodec: Add several out of array read related checks", - "URL": "https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6912", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6912" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6912", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6912" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-125", - "Title": "境界外読み取り", - "URL": "https://cwe.mitre.org/data/definitions/125.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:43+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:43+09:00", - "DateLastUpdated": "2018-03-19T15:00:43+09:00", - "DatePublic": "2018-02-11T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001996", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "Thrift: stop dissection when encountering an unknown/unexpected type", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14379", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7321", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7321" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7321", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7321" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:45+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:45+09:00", - "DateLastUpdated": "2018-03-19T15:15:45+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001997", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "DICOM: Prevent infinite loop (dissect_dcm_tag)", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14411", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7322", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7322" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7322", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7322" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:46+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:46+09:00", - "DateLastUpdated": "2018-03-19T15:15:46+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001998", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "WCCP: Prevent very long loop in dissect_wccp2_alternate_mask_value_set_element", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565" - }, - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "WCCP: Make sure our offset increases.", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5d45b69b590cabc5127282d1ade3bca1598e5f5c" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14412", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7323", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7323" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7323", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7323" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:47+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:47+09:00", - "DateLastUpdated": "2018-03-19T15:15:47+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001999", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "SCCP: Use int datatype for offset to prevent infinite loops", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14413", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7324", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7324" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7324", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7324" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:48+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:48+09:00", - "DateLastUpdated": "2018-03-19T15:15:48+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002000", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "RPKI-Router: Sanity check length field to prevent infinite loop", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14414", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7325", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7325" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7325", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7325" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:49+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:49+09:00", - "DateLastUpdated": "2018-03-19T15:15:49+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002001", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "LLTD: use wider variables to prevent overflow and infinite loops", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14419", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7326", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7326" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7326", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7326" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:50+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:50+09:00", - "DateLastUpdated": "2018-03-19T15:15:50+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002002", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "OpenFlow 1.5: add extra property length checks", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14420", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7327", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7327" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7327", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7327" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:51+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:51+09:00", - "DateLastUpdated": "2018-03-19T15:15:51+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002003", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "USB: Sanity check Darwin USB header to prevent infinite loop.", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14421", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7328", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7328" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7328", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7328" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:53+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:53+09:00", - "DateLastUpdated": "2018-03-19T15:15:53+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-002004", - "VulinfoData": { - "Title": "Wireshark におけるリソースの枯渇に関する脆弱性", - "Overview": "Wireshark には、リソースの枯渇に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Wireshark", - "ProductName": "Wireshark", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:wireshark:wireshark" - }, - "VersionNumber": [ - "2.2.0 から 2.2.12", - "2.4.0 から 2.4.4" - ] - } - ], - "Impact": { - "Description": "サービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Code Review", - "VulinfoID": "S7comm: fix range check to prevent infinite loop when upper bound is 255", - "URL": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be" - }, - { - "Type": "vendor", - "Name": "Wireshark Bug Database", - "VulinfoID": "Bug 14423", - "URL": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423" - }, - { - "Type": "vendor", - "Name": "Wireshark Security Advisories", - "VulinfoID": "wnpa-sec-2018-06", - "URL": "https://www.wireshark.org/security/wnpa-sec-2018-06.html" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7329", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7329" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7329", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7329" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-400", - "Title": "リソースの枯渇", - "URL": "https://cwe.mitre.org/data/definitions/400.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:15:54+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:15:54+09:00", - "DateLastUpdated": "2018-03-19T15:15:54+09:00", - "DatePublic": "2018-02-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2015-008110", - "VulinfoData": { - "Title": "Configuration Repo における入力確認に関する脆弱性", - "Overview": "Configuration Repo には、入力確認に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "edX", - "ProductName": "Configuration", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:edx:configuration" - }, - "VersionNumber": [ - "Repo" - ] - }, - { - "Name": "edX", - "ProductName": "edX", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:edx:edx-platform" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Update to use for booleans. #1885", - "URL": "https://github.com/edx/configuration/pull/1885/files" - }, - { - "Type": "vendor", - "Name": "Open edX", - "VulinfoID": "Security Alert: Bug in Configuration Repo Bypasses CORS Security", - "URL": "https://open.edx.org/CVE-2015-2186" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2015-2186", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2186" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2015-2186", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2015-2186" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-20", - "Title": "不適切な入力確認", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-20.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:37+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:37+09:00", - "DateLastUpdated": "2018-03-19T15:00:37+09:00", - "DatePublic": "2015-03-06T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012513", - "VulinfoData": { - "Title": "OpenVMS におけるバッファエラーの脆弱性", - "Overview": "OpenVMS には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "ヒューレット・パッカード・エンタープライズ", - "ProductName": "OpenVMS", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:hp:openvms" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "4.6", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "CVE-2017-17482", - "URL": "https://groups.google.com/forum/#%21topic/comp.os.vms/BYIUQ0lJ-s0" - }, - { - "Type": "vendor", - "Name": "Hewlett Packard Enterprise", - "VulinfoID": "OpenVMS", - "URL": "http://h50146.www5.hpe.com/products/software/oe/openvms/?jumpid=va_r10163_jp/ja/large/tsg/marcomurl_ot_ob_ds_pd/openvms_cc/d" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-17482", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17482" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-17482", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-17482" - }, - { - "Type": "advisory", - "Name": "関連文書", - "VulinfoID": "OpenVMS DCL Security issue CVE-2017-17482", - "URL": "http://www.openvms.org/node/121" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:38+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:38+09:00", - "DateLastUpdated": "2018-03-19T15:00:38+09:00", - "DatePublic": "2017-12-08T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001987", - "VulinfoData": { - "Title": "FreeXL におけるバッファエラーの脆弱性", - "Overview": "FreeXL には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Alessandro Furieri", - "ProductName": "FreeXL", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gaia-gis:freexl" - }, - "VersionNumber": [ - "1.0.5 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FreeXL", - "VulinfoID": "Top Page", - "URL": "https://www.gaia-gis.it/fossil/freexl/home" - }, - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4", - "URL": "https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7435", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7435" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7435", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7435" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T12:25:55+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T12:25:55+09:00", - "DateLastUpdated": "2018-03-19T12:25:55+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001988", - "VulinfoData": { - "Title": "FreeXL におけるバッファエラーの脆弱性", - "Overview": "FreeXL には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Alessandro Furieri", - "ProductName": "FreeXL", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gaia-gis:freexl" - }, - "VersionNumber": [ - "1.0.5 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FreeXL", - "VulinfoID": "Top Page", - "URL": "https://www.gaia-gis.it/fossil/freexl/home" - }, - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4", - "URL": "https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7436", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7436" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7436", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7436" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T12:25:56+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T12:25:56+09:00", - "DateLastUpdated": "2018-03-19T12:25:56+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001989", - "VulinfoData": { - "Title": "FreeXL におけるバッファエラーの脆弱性", - "Overview": "FreeXL には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Alessandro Furieri", - "ProductName": "FreeXL", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gaia-gis:freexl" - }, - "VersionNumber": [ - "1.0.5 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FreeXL", - "VulinfoID": "Top Page", - "URL": "https://www.gaia-gis.it/fossil/freexl/home" - }, - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4", - "URL": "https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7437", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7437" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7437", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7437" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T12:25:57+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T12:25:57+09:00", - "DateLastUpdated": "2018-03-19T12:25:57+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001990", - "VulinfoData": { - "Title": "FreeXL におけるバッファエラーの脆弱性", - "Overview": "FreeXL には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Alessandro Furieri", - "ProductName": "FreeXL", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gaia-gis:freexl" - }, - "VersionNumber": [ - "1.0.5 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FreeXL", - "VulinfoID": "Top Page", - "URL": "https://www.gaia-gis.it/fossil/freexl/home" - }, - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4", - "URL": "https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7438", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7438" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7438", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7438" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T12:25:58+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T12:25:58+09:00", - "DateLastUpdated": "2018-03-19T12:25:58+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001991", - "VulinfoData": { - "Title": "FreeXL におけるバッファエラーの脆弱性", - "Overview": "FreeXL には、バッファエラーの脆弱性が存在します。", - "Affected": [ - { - "Name": "Alessandro Furieri", - "ProductName": "FreeXL", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gaia-gis:freexl" - }, - "VersionNumber": [ - "1.0.5 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "FreeXL", - "VulinfoID": "Top Page", - "URL": "https://www.gaia-gis.it/fossil/freexl/home" - }, - { - "Type": "vendor", - "Name": "Google Groups", - "VulinfoID": "Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4", - "URL": "https://groups.google.com/forum/#%21topic/spatialite-users/b-d9iB5TDPE" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-7439", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7439" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-7439", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-7439" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-119", - "Title": "バッファエラー", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-119.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T12:25:59+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T12:25:59+09:00", - "DateLastUpdated": "2018-03-19T12:25:59+09:00", - "DatePublic": "2018-02-22T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001992", - "VulinfoData": { - "Title": "GNOME librsvg における証明書・パスワードの管理に関する脆弱性", - "Overview": "GNOME librsvg には、証明書・パスワードの管理に関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Debian", - "ProductName": "Debian GNU/Linux", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:debian:debian_linux" - }, - "VersionNumber": [ - "7.0" - ] - }, - { - "Name": "GNOME Project", - "ProductName": "librsvg", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:gnome:librsvg" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Debian", - "VulinfoID": "[SECURITY] [DLA 1278-1] librsvg security update", - "URL": "https://lists.debian.org/debian-lts-announce/2018/02/msg00013.html" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Merge branch 'no-xrefs-in-paint-servers'", - "URL": "https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Fixed possible credentials leaking reported by Alex Birsan.", - "URL": "https://github.com/ImageMagick/librsvg/commit/f9d69eadd2b16b00d1a1f9f286122123f8e547dd" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000041", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000041" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000041", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000041" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-255", - "Title": "証明書・パスワードの管理", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-255.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:40+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:40+09:00", - "DateLastUpdated": "2018-03-19T15:00:40+09:00", - "DatePublic": "2018-02-12T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001993", - "VulinfoData": { - "Title": "Epson AirPrint におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Epson AirPrint には、クロスサイトスクリプティングの脆弱性が存在します。", - "Affected": [ - { - "Name": "セイコーエプソン株式会社", - "ProductName": "Epson AirPrint", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:epson:airprint" - }, - "VersionNumber": [ - "January 19, 2018 より前" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "EPSON", - "VulinfoID": "Cross Site Scripting Vulnerability in Epson Web Configuration Page for AirPrint", - "URL": "https://epson.com/support/wa00860" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-5550", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5550" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-5550", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-5550" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:41+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:41+09:00", - "DateLastUpdated": "2018-03-19T15:00:41+09:00", - "DatePublic": "2018-01-19T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001994", - "VulinfoData": { - "Title": "Anymail における情報漏えいに関する脆弱性", - "Overview": "Anymail (別名 django-anymail) には、情報漏えいに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "Debian", - "ProductName": "Debian GNU/Linux", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:debian:debian_linux" - }, - "VersionNumber": [ - "9.0" - ] - }, - { - "Name": "django-anymail project", - "ProductName": "Anymail", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:django-anymail_project:django-anymail" - }, - "VersionNumber": [ - "1.2.1 未満" - ] - } - ], - "Impact": { - "Description": "情報を取得される、および情報を改ざんされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", - "BaseScore": "6.4", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "BaseScore": "9.1", - "Severity": "Critical" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Debian Bug report logs", - "VulinfoID": "889450", - "URL": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889450" - }, - { - "Type": "vendor", - "Name": "Debian Security Advisory", - "VulinfoID": "DSA-4107", - "URL": "https://www.debian.org/security/2018/dsa-4107" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Security: prevent timing attack on WEBHOOK_AUTHORIZATION secret (c079983)", - "URL": "https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Security: prevent timing attack on WEBHOOK_AUTHORIZATION secret (db586ed)", - "URL": "https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "v1.2.1", - "URL": "https://github.com/anymail/django-anymail/releases/tag/v1.2.1" - }, - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "v1.3", - "URL": "https://github.com/anymail/django-anymail/releases/tag/v1.3" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-6596", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6596" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-6596", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-6596" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T15:00:42+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T15:00:42+09:00", - "DateLastUpdated": "2018-03-19T15:00:42+09:00", - "DatePublic": "2018-02-03T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012510", - "VulinfoData": { - "Title": "Android のシステムにおける情報漏えいに関する脆弱性", - "Overview": "Android のシステム (ui) には、情報漏えいに関する脆弱性が存在します。 本脆弱性は、Android ID: A-38258991 として公開されています。", - "Affected": [ - { - "Name": "Google", - "ProductName": "Android", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:google:android" - }, - "VersionNumber": [ - "5.1.1", - "6.0", - "6.0.1", - "7.0", - "7.1.1", - "7.1.2", - "8.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Android Open Source Project", - "VulinfoID": "Pixel/Nexus のセキュリティに関する公開情報 - 2018 年 2 月", - "URL": "https://source.android.com/security/bulletin/pixel/2018-02-01" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-13243", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13243" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-13243", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13243" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T11:26:51+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T11:26:51+09:00", - "DateLastUpdated": "2018-03-19T11:26:51+09:00", - "DatePublic": "2017-08-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012511", - "VulinfoData": { - "Title": "Android の Upstream カーネルのネットワークドライバにおける情報漏えいに関する脆弱性", - "Overview": "Android の Upstream カーネルのネットワークドライバには、情報漏えいに関する脆弱性が存在します。 本脆弱性は、Android ID: A-36279469 として公開されています。", - "Affected": [ - { - "Name": "Google", - "ProductName": "Android", - "Cpe": { - "version": "2.2", - "value": "cpe:/o:google:android" - }, - "VersionNumber": [ - "" - ] - } - ], - "Impact": { - "Description": "情報を取得される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "BaseScore": "5", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "BaseScore": "7.5", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Android Open Source Project", - "VulinfoID": "Pixel/Nexus のセキュリティに関する公開情報 - 2018 年 2 月", - "URL": "https://source.android.com/security/bulletin/pixel/2018-02-01" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-13246", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13246" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-13246", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-13246" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-200", - "Title": "情報漏えい", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-200.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T11:26:52+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T11:26:52+09:00", - "DateLastUpdated": "2018-03-19T11:26:52+09:00", - "DatePublic": "2017-08-23T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2017-012512", - "VulinfoData": { - "Title": "IBM Notes におけるコマンドインジェクションの脆弱性", - "Overview": "IBM Notes には、コマンドインジェクションの脆弱性が存在します。 ベンダは、本脆弱性を IBM X-Force ID: 134807 として公開しています。", - "Affected": [ - { - "Name": "IBM", - "ProductName": "IBM Client Application Access", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ibm:client_application_access" - }, - "VersionNumber": [ - "" - ] - }, - { - "Name": "IBM", - "ProductName": "IBM Notes", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:ibm:notes" - }, - "VersionNumber": [ - "8.5", - "9.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "4.6", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "BaseScore": "5.3", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "IBM Support Document", - "VulinfoID": "2010766", - "URL": "http://www-01.ibm.com/support/docview.wss?uid=swg22010766" - }, - { - "Type": "vendor", - "Name": "IBM Support Document", - "VulinfoID": "2010767", - "URL": "http://www-01.ibm.com/support/docview.wss?uid=swg22010767" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-1720", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1720" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2017-1720", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2017-1720" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-77", - "Title": "コマンドインジェクション", - "URL": "https://cwe.mitre.org/data/definitions/77.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T11:26:53+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T11:26:53+09:00", - "DateLastUpdated": "2018-03-19T11:26:53+09:00", - "DatePublic": "2017-11-19T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001983", - "VulinfoData": { - "Title": "NASA Singledop における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "NASA Singledop には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "NASA", - "ProductName": "SingleDop", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:nasa:singledop" - }, - "VersionNumber": [ - "1.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "SingleDop v1.1 #19", - "URL": "https://github.com/nasa/SingleDop/pull/19" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000045", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000045" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000045", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000045" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T10:52:19+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T10:52:19+09:00", - "DateLastUpdated": "2018-03-19T10:52:19+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001984", - "VulinfoData": { - "Title": "NASA Pyblock における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "NASA Pyblock には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "NASA", - "ProductName": "Pyblock", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:nasa:pyblock" - }, - "VersionNumber": [ - "1.0 から 1.3" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "7.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Master #5", - "URL": "https://github.com/nasa/PyBlock/pull/5" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000046", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000046" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000046", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000046" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T10:52:20+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T10:52:20+09:00", - "DateLastUpdated": "2018-03-19T10:52:20+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001985", - "VulinfoData": { - "Title": "NASA Kodiak における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "NASA Kodiak には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "NASA", - "ProductName": "Kodiak", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:nasa:kodiak" - }, - "VersionNumber": [ - "1.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Remote code execution in Kodiak #5", - "URL": "https://github.com/nasa/Kodiak/issues/5" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000047", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000047" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000047", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000047" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T10:52:21+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T10:52:21+09:00", - "DateLastUpdated": "2018-03-19T10:52:21+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-001986", - "VulinfoData": { - "Title": "NASA RtRetrievalFramework における信頼性のないデータのデシリアライゼーションに関する脆弱性", - "Overview": "NASA RtRetrievalFramework には、信頼性のないデータのデシリアライゼーションに関する脆弱性が存在します。", - "Affected": [ - { - "Name": "NASA", - "ProductName": "RT Retrieval Framework", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:nasa:rtretrievalframework" - }, - "VersionNumber": [ - "1.0" - ] - } - ], - "Impact": { - "Description": "情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "BaseScore": "6.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "ベンダ情報および参考情報を参照して適切な対策を実施してください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "GitHub", - "VulinfoID": "Remote code execution RtRetrievalFramework #1", - "URL": "https://github.com/nasa/RtRetrievalFramework/issues/1" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-1000048", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000048" - }, - { - "Type": "advisory", - "Name": "National Vulnerability Database (NVD)", - "VulinfoID": "CVE-2018-1000048", - "URL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000048" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-502", - "Title": "信頼性のないデータのデシリアライゼーション", - "URL": "https://cwe.mitre.org/data/definitions/502.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-19T10:52:22+09:00", - "Description": "[2018年03月19日]\\n 掲載" - } - ], - "DateFirstPublished": "2018-03-19T10:52:22+09:00", - "DateLastUpdated": "2018-03-19T10:52:22+09:00", - "DatePublic": "2018-02-09T00:00:00+09:00" - } - } - ] -} diff --git a/vuldef/vuldef.go b/vuldef/vuldef.go index c43cede..09c9957 100644 --- a/vuldef/vuldef.go +++ b/vuldef/vuldef.go @@ -3,8 +3,6 @@ package vuldef import ( "encoding/json" "encoding/xml" - "sort" - "strings" "github.com/spiegel-im-spiegel/go-myjvn/values" ) @@ -89,16 +87,6 @@ func (vuln *VULDEF) Append(appnd *VULDEF) { vuln.Vulinfo = append(vuln.Vulinfo, appnd.Vulinfo...) } -//SortByID sorts Vulinfo data by VulinfoID -func (vuln *VULDEF) SortByID(reverseFlag bool) { - sort.Slice(vuln.Vulinfo, func(i int, j int) bool { - if reverseFlag { - return strings.Compare(vuln.Vulinfo[i].VulinfoID, vuln.Vulinfo[j].VulinfoID) > 0 - } - return strings.Compare(vuln.Vulinfo[i].VulinfoID, vuln.Vulinfo[j].VulinfoID) < 0 - }) -} - /* Copyright 2018 Spiegel * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/vuldef/vuldef_test.go b/vuldef/vuldef_test.go index 419633c..364f57e 100644 --- a/vuldef/vuldef_test.go +++ b/vuldef/vuldef_test.go @@ -839,552 +839,6 @@ xml:lang="ja"> } } ] -}` - res3b = `{ - "Vulinfo": [ - { - "VulinfoID": "JVNDB-2018-000024", - "VulinfoData": { - "Title": "CG-WGR1200 における複数の脆弱性", - "Overview": "株式会社コレガが提供する CG-WGR1200 は無線 LAN ルータです。CG-WGR1200 には、次の複数の脆弱性が存在します。 ・バッファオーバーフロー (CWE-119) - CVE-2017-10852 ・OS コマンドインジェクション (CWE-78) - CVE-2017-10853 ・認証不備 (CWE-306) - CVE-2017-10854 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 三井物産セキュアディレクション株式会社 塚本 泰三 氏", - "Affected": [ - { - "Name": "株式会社コレガ", - "ProductName": "CG-WGR1200", - "Cpe": { - "version": "2.2", - "value": "cpe:/h:corega:cg-wgr1200" - }, - "VersionNumber": [ - "ファームウエア 2.20 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "想定される影響は各脆弱性により異なりますが、次のような影響を受ける可能性があります。 ・当該製品にアクセス可能な第三者によって、任意のコードを実行される - CVE-2017-10852 ・当該製品にアクセス可能な第三者によって、任意の OS コマンドを実行される - CVE-2017-10853 ・当該製品にアクセス可能な第三者によって、ログインパスワードを変更される。結果として、管理画面にログインされ、当該機器の設定変更といった任意の操作がおこなわれる - CVE-2017-10854", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "5.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "[CG-WGR1200 を使用しない] CG-WGR1200 を使用しないでください。CG-WGR1200 のサポートは終了しているため、対策版ファームウェアのリリース予定はありません。 [ワークアラウンドを実施する] CG-WGR1200 のサポートは終了しているため、対策版ファームウェアのリリース予定はありませんが、当該製品を引き続き使用する場合には、次の回避策を実施し、脆弱性による影響を軽減するようにしてください。 ・第三者が外部から当該製品にアクセスできないようリモート接続機能を無効にする ・LAN 内からルータに対する不正なアクセスを防止する 詳しくは、開発者が提供する情報をご確認ください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "corega", - "VulinfoID": "CG-WGR1200 における複数の脆弱性について", - "URL": "http://corega.jp/support/security/20180309_wgr1200.htm" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10852", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10852" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10853", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10853" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10854", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10854" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#15201064", - "URL": "https://jvn.jp/jp/JVN15201064/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-78", - "Title": "OSコマンドインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-78.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-19", - "Title": "データ処理", - "URL": "https://cwe.mitre.org/data/definitions/19.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-09T12:06:58+09:00", - "Description": "[2018年03月09日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-09T12:04:48+09:00", - "DateLastUpdated": "2018-03-09T12:04:48+09:00", - "DatePublic": "2018-03-09T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-000023", - "VulinfoData": { - "Title": "WordPress 用プラグイン WP All Import におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Soflyy が提供する WordPress 用プラグイン WP All Import には、反射型のクロスサイトスクリプティング (CWE-79) の脆弱性が存在します。 なお、本脆弱性は JVN#33527174 とは異なる問題です。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: NTTコミュニケーションズ株式会社 東内裕二 氏", - "Affected": [ - { - "Name": "Soflyy", - "ProductName": "WP All Import", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:misc:soflyy_wp_all_import" - }, - "VersionNumber": [ - "3.4.7 より前のバージョン" - ] - } - ], - "Impact": { - "Description": "当該製品にログインしているユーザのウェブブラウザ上で、任意のスクリプトを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "BaseScore": "2.6", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Changeset 1827741 - WordPress Plugin Repository", - "URL": "https://plugins.trac.wordpress.org/changeset/1827741/" - }, - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Import any XML or CSV File to WordPress - WordPress Plugins - Changelog", - "URL": "https://wordpress.org/plugins/wp-all-import/#developers" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-0547", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0547" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#60032768", - "URL": "https://jvn.jp/jp/JVN60032768/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-07T16:15:05+09:00", - "Description": "[2018年03月08日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-08T12:04:53+09:00", - "DateLastUpdated": "2018-03-08T12:04:53+09:00", - "DatePublic": "2018-03-08T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-000022", - "VulinfoData": { - "Title": "WordPress 用プラグイン WP All Import におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Soflyy が提供する WordPress 用プラグイン WP All Import には、ファイルアップロード機能に関するクロスサイトスクリプティング (CWE-79) の脆弱性が存在します。 なお、本脆弱性は JVN#60032768 とは異なる問題です。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: ゲヒルン株式会社 マルダン ムイデン 氏", - "Affected": [ - { - "Name": "Soflyy", - "ProductName": "WP All Import", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:misc:soflyy_wp_all_import" - }, - "VersionNumber": [ - "3.4.6 より前のバージョン" - ] - } - ], - "Impact": { - "Description": "ユーザのウェブブラウザ上で任意のスクリプトを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Changeset 1742744 - WordPress Plugin Repository", - "URL": "https://plugins.trac.wordpress.org/changeset/1742744/" - }, - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Import any XML or CSV File to WordPress - WordPress Plugins - Changelog", - "URL": "https://wordpress.org/plugins/wp-all-import/#developers" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-0546", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0546" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#33527174", - "URL": "https://jvn.jp/jp/JVN33527174/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-02T15:12:18+09:00", - "Description": "[2018年03月08日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-08T12:02:28+09:00", - "DateLastUpdated": "2018-03-08T12:02:28+09:00", - "DatePublic": "2018-03-08T00:00:00+09:00" - } - } - ] -}` - res3c = `{ - "Vulinfo": [ - { - "VulinfoID": "JVNDB-2018-000022", - "VulinfoData": { - "Title": "WordPress 用プラグイン WP All Import におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Soflyy が提供する WordPress 用プラグイン WP All Import には、ファイルアップロード機能に関するクロスサイトスクリプティング (CWE-79) の脆弱性が存在します。 なお、本脆弱性は JVN#60032768 とは異なる問題です。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: ゲヒルン株式会社 マルダン ムイデン 氏", - "Affected": [ - { - "Name": "Soflyy", - "ProductName": "WP All Import", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:misc:soflyy_wp_all_import" - }, - "VersionNumber": [ - "3.4.6 より前のバージョン" - ] - } - ], - "Impact": { - "Description": "ユーザのウェブブラウザ上で任意のスクリプトを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", - "BaseScore": "4.3", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Changeset 1742744 - WordPress Plugin Repository", - "URL": "https://plugins.trac.wordpress.org/changeset/1742744/" - }, - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Import any XML or CSV File to WordPress - WordPress Plugins - Changelog", - "URL": "https://wordpress.org/plugins/wp-all-import/#developers" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-0546", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0546" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#33527174", - "URL": "https://jvn.jp/jp/JVN33527174/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-02T15:12:18+09:00", - "Description": "[2018年03月08日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-08T12:02:28+09:00", - "DateLastUpdated": "2018-03-08T12:02:28+09:00", - "DatePublic": "2018-03-08T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-000023", - "VulinfoData": { - "Title": "WordPress 用プラグイン WP All Import におけるクロスサイトスクリプティングの脆弱性", - "Overview": "Soflyy が提供する WordPress 用プラグイン WP All Import には、反射型のクロスサイトスクリプティング (CWE-79) の脆弱性が存在します。 なお、本脆弱性は JVN#33527174 とは異なる問題です。 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: NTTコミュニケーションズ株式会社 東内裕二 氏", - "Affected": [ - { - "Name": "Soflyy", - "ProductName": "WP All Import", - "Cpe": { - "version": "2.2", - "value": "cpe:/a:misc:soflyy_wp_all_import" - }, - "VersionNumber": [ - "3.4.7 より前のバージョン" - ] - } - ], - "Impact": { - "Description": "当該製品にログインしているユーザのウェブブラウザ上で、任意のスクリプトを実行される可能性があります。", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", - "BaseScore": "2.6", - "Severity": "Low" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "BaseScore": "6.1", - "Severity": "Medium" - } - ] - }, - "Solution": { - "Description": "[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Changeset 1827741 - WordPress Plugin Repository", - "URL": "https://plugins.trac.wordpress.org/changeset/1827741/" - }, - { - "Type": "vendor", - "Name": "Soflyy", - "VulinfoID": "Import any XML or CSV File to WordPress - WordPress Plugins - Changelog", - "URL": "https://wordpress.org/plugins/wp-all-import/#developers" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2018-0547", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0547" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#60032768", - "URL": "https://jvn.jp/jp/JVN60032768/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-79", - "Title": "クロスサイトスクリプティング", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-07T16:15:05+09:00", - "Description": "[2018年03月08日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-08T12:04:53+09:00", - "DateLastUpdated": "2018-03-08T12:04:53+09:00", - "DatePublic": "2018-03-08T00:00:00+09:00" - } - }, - { - "VulinfoID": "JVNDB-2018-000024", - "VulinfoData": { - "Title": "CG-WGR1200 における複数の脆弱性", - "Overview": "株式会社コレガが提供する CG-WGR1200 は無線 LAN ルータです。CG-WGR1200 には、次の複数の脆弱性が存在します。 ・バッファオーバーフロー (CWE-119) - CVE-2017-10852 ・OS コマンドインジェクション (CWE-78) - CVE-2017-10853 ・認証不備 (CWE-306) - CVE-2017-10854 この脆弱性情報は、情報セキュリティ早期警戒パートナーシップに基づき下記の方が IPA に報告し、JPCERT/CC が開発者との調整を行いました。 報告者: 三井物産セキュアディレクション株式会社 塚本 泰三 氏", - "Affected": [ - { - "Name": "株式会社コレガ", - "ProductName": "CG-WGR1200", - "Cpe": { - "version": "2.2", - "value": "cpe:/h:corega:cg-wgr1200" - }, - "VersionNumber": [ - "ファームウエア 2.20 およびそれ以前" - ] - } - ], - "Impact": { - "Description": "想定される影響は各脆弱性により異なりますが、次のような影響を受ける可能性があります。 ・当該製品にアクセス可能な第三者によって、任意のコードを実行される - CVE-2017-10852 ・当該製品にアクセス可能な第三者によって、任意の OS コマンドを実行される - CVE-2017-10853 ・当該製品にアクセス可能な第三者によって、ログインパスワードを変更される。結果として、管理画面にログインされ、当該機器の設定変更といった任意の操作がおこなわれる - CVE-2017-10854", - "Cvss": [ - { - "Version": "2.0", - "BaseVector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", - "BaseScore": "5.8", - "Severity": "Medium" - }, - { - "Version": "3.0", - "BaseVector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "BaseScore": "8.8", - "Severity": "High" - } - ] - }, - "Solution": { - "Description": "[CG-WGR1200 を使用しない] CG-WGR1200 を使用しないでください。CG-WGR1200 のサポートは終了しているため、対策版ファームウェアのリリース予定はありません。 [ワークアラウンドを実施する] CG-WGR1200 のサポートは終了しているため、対策版ファームウェアのリリース予定はありませんが、当該製品を引き続き使用する場合には、次の回避策を実施し、脆弱性による影響を軽減するようにしてください。 ・第三者が外部から当該製品にアクセスできないようリモート接続機能を無効にする ・LAN 内からルータに対する不正なアクセスを防止する 詳しくは、開発者が提供する情報をご確認ください。" - }, - "Related": [ - { - "Type": "vendor", - "Name": "corega", - "VulinfoID": "CG-WGR1200 における複数の脆弱性について", - "URL": "http://corega.jp/support/security/20180309_wgr1200.htm" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10852", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10852" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10853", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10853" - }, - { - "Type": "advisory", - "Name": "Common Vulnerabilities and Exposures (CVE)", - "VulinfoID": "CVE-2017-10854", - "URL": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10854" - }, - { - "Type": "advisory", - "Name": "JVN", - "VulinfoID": "JVN#15201064", - "URL": "https://jvn.jp/jp/JVN15201064/index.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-78", - "Title": "OSコマンドインジェクション", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-78.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-19", - "Title": "データ処理", - "URL": "https://cwe.mitre.org/data/definitions/19.html" - }, - { - "Type": "cwe", - "Name": "JVNDB", - "VulinfoID": "CWE-264", - "Title": "認可・権限・アクセス制御", - "URL": "https://jvndb.jvn.jp/ja/cwe/CWE-264.html" - } - ], - "History": [ - { - "HistoryNo": 1, - "DateTime": "2018-03-09T12:06:58+09:00", - "Description": "[2018年03月09日]\\n 掲載\\n" - } - ], - "DateFirstPublished": "2018-03-09T12:04:48+09:00", - "DateLastUpdated": "2018-03-09T12:04:48+09:00", - "DatePublic": "2018-03-09T00:00:00+09:00" - } - } - ] }` ) @@ -1435,50 +889,6 @@ func TestAppend(t *testing.T) { } } -func TestSortReverse(t *testing.T) { - vuln1, err := Unmarshal([]byte(data1)) - if err != nil { - t.Errorf("Unmarshal() = \"%v\", want nil.", err) - return - } - vuln2, err := Unmarshal([]byte(data2)) - if err != nil { - t.Errorf("Unmarshal() = \"%v\", want nil.", err) - } - vuln1.Append(vuln2) - vuln1.SortByID(true) - json, err := vuln1.JSON(" ") - if err != nil { - t.Errorf("JSON() = \"%v\", want nil.", err) - return - } - if string(json) != res3b { - t.Errorf("Unmarshal().JSON() = \"%v\", want \"%v\".", string(json), res3b) - } -} - -func TestSort(t *testing.T) { - vuln1, err := Unmarshal([]byte(data1)) - if err != nil { - t.Errorf("Unmarshal() = \"%v\", want nil.", err) - return - } - vuln2, err := Unmarshal([]byte(data2)) - if err != nil { - t.Errorf("Unmarshal() = \"%v\", want nil.", err) - } - vuln1.Append(vuln2) - vuln1.SortByID(false) - json, err := vuln1.JSON(" ") - if err != nil { - t.Errorf("JSON() = \"%v\", want nil.", err) - return - } - if string(json) != res3c { - t.Errorf("Unmarshal().JSON() = \"%v\", want \"%v\".", string(json), res3c) - } -} - /* Copyright 2018 Spiegel * * Licensed under the Apache License, Version 2.0 (the "License");