CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39379
https://notcve.org/view.php?id=CVE-2023-39379
04 Aug 2023 — Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. Fujitsu So... • https://jvn.jp/en/jp/JVN38847224 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 43%CPEs: 22EXPL: 0CVE-2023-38433
https://notcve.org/view.php?id=CVE-2023-38433
26 Jul 2023 — Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L0... • https://jvn.jp/en/jp/JVN95727578 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2023-38555
https://notcve.org/view.php?id=CVE-2023-38555
26 Jul 2023 — Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110... • https://jvn.jp/en/vu/JVNVU96643580 • CWE-287: Improper Authentication •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22377
https://notcve.org/view.php?id=CVE-2023-22377
15 Feb 2023 — Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file. • https://github.com/tsClinical/tsc-desktop/security/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-31795
https://notcve.org/view.php?id=CVE-2022-31795
20 Jun 2022 — An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. Se ha detectado un problema en los dispositivos Fujitsu ETERNUS CentricStor ... • https://cwe.mitre.org/data/definitions/78.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 1CVE-2022-31794
https://notcve.org/view.php?id=CVE-2022-31794
20 Jun 2022 — An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. Se ha detectado un problema en los dispositivos Fujitsu ETERNUS CentricStor CS8000 (Control Center) versione... • https://cwe.mitre.org/data/definitions/78.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 92EXPL: 0CVE-2022-29516
https://notcve.org/view.php?id=CVE-2022-29516
18 May 2022 — The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. La consola web de la serie IPCOM de FUJITSU Network (IPCOM EX2 I... • https://jvn.jp/en/jp/JVN96561229/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 1CVE-2022-28806
https://notcve.org/view.php?id=CVE-2022-28806
04 May 2022 — An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communicati... • http://www.fmworld.net/biz/common/insyde/20220210 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27089
https://notcve.org/view.php?id=CVE-2022-27089
11 Apr 2022 — In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. En Fujitsu PlugFree Network versiones anteriores a 7.3.0.3 incluyéndola, una ruta de servicio no citada en el software PFNService.exe permite a un atacante local escalar potencialmente privilegios a nivel del sistema • https://hansesecure.de/2022/03/schwachstelle-in-fujitsu-plugfree-network • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20722
https://notcve.org/view.php?id=CVE-2021-20722
24 May 2021 — Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 and the Software Download Installer prior to WinSSInst2JP.exe and WinSSInst2iX1500JP.exe allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en los instaladores de ScanSnap Manager anteriores a las versiones V7.0L20 y el instalador de descar... • https://jvn.jp/en/jp/JVN65733194/index.html • CWE-427: Uncontrolled Search Path Element •