CVSS: 7.8 • EPSS: 0% • CPEs: 19 • EXPL: 0

04 Sep 2024 — Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication. • https://jvn.jp/en/jp/JVN29238389 • CWE-203: Observable Discrepancy

CVSS: 6.8 • EPSS: 24% • CPEs: 1 • EXPL: 1

17 Jul 2024 — Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access-restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked. • https://github.com/KyssK00L/CVE-2024-40617 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

18 Jun 2024 — Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker. • https://jvn.jp/en/jp/JVN65171386 • CWE-36: Absolute Path Traversal

CVSS: 7.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

12 Jun 2024 — Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet. • https://jvn.jp/en/jp/JVN25594256 • CWE-908: Use of Uninitialized Resource

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2023 — Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, whose exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea • CWE-640: Weak Password Recovery Mechanism for Forgotten Password

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2023 — User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea • CWE-203: Observable Discrepancy • CWE-204: Observable Response Discrepancy

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2023 — ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea • CWE-287: Improper Authentication • CWE-1390: Weak Authentication

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2023 — Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2023 — SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Aug 2023 — An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmwar... • https://security.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=a0131919-6d84-43b4-800e-d7f78200a70f • CWE-312: Cleartext Storage of Sensitive Information