Refine your search

2 vulnerabilities found for RakRak Document Plus by Sumitomo Electric Information Systems Co., Ltd.

CVE-2023-49108 (GCVE-0-2023-49108)
Vulnerability from cvelistv5
Published
2023-12-04 05:08
Modified
2024-08-02 21:46
Severity ?
CWE
  • Directory traversal
Summary
Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges.
References
Impacted products
Vendor Product Version
Sumitomo Electric Information Systems Co., Ltd. RakRak Document Plus Version: Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:46:29.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN46895889/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RakRak Document Plus",
          "vendor": "Sumitomo Electric Information Systems Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0.0 to Ver.6.4.0.7 (excluding Ver.6.1.1.3a). If this vulnerability is exploited, arbitrary files on the server may be obtained or deleted by a user of the product with specific privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-04T05:08:29.398Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://rakrak.jp/RakDocSupport/rkspServlet"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN46895889/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-49108",
    "datePublished": "2023-12-04T05:08:29.398Z",
    "dateReserved": "2023-11-22T04:24:31.707Z",
    "dateUpdated": "2024-08-02T21:46:29.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2023-000121
Vulnerability from jvndb
Published
2023-12-04 13:45
Modified
2024-01-24 12:06
Severity ?
6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Summary
RakRak Document Plus vulnerable to path traversal
Details
RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22). Asato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
  "dc:date": "2024-01-24T12:06+09:00",
  "dcterms:issued": "2023-12-04T13:45+09:00",
  "dcterms:modified": "2024-01-24T12:06+09:00",
  "description": "RakRak Document Plus provided by Sumitomo Electric Information Systems Co., Ltd. contains a path traversal vulnerability (CWE-22).\r\n\r\nAsato Masamu of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000121.html",
  "sec:cpe": {
    "#text": "cpe:/a:sei-info:rakrak_document_plus",
    "@product": "RakRak Document Plus",
    "@vendor": "Sumitomo Electric Information Systems Co., Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.7",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:C/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000121",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN46895889/index.html",
      "@id": "JVN#46895889",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-49108",
      "@id": "CVE-2023-49108",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-49108#vulnConfigurationsArea",
      "@id": "CVE-2023-49108",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    }
  ],
  "title": "RakRak Document Plus vulnerable to path traversal"
}