
27 vulnerabilities found for RICOH COMPANY, LTD.

CVE-2026-26050 (GCVE-0-2026-26050)
Vulnerability from cvelistv5
Published
2026-02-20 08:13
Modified
2026-02-20 13:45
CWE
  • CWE-427 - Uncontrolled Search Path Element
Summary
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T13:45:28.617862Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T13:45:42.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6790\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 RICOH\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08\u30c4\u30fc\u30eb",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to Ver.1.3.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The installer for \u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6790\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 RICOH\u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08\u30c4\u30fc\u30eb versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "Uncontrolled Search Path Element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-20T08:13:31.884Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://support.ricoh.com/bbv2/html/dr_ut_d/ut/history/w/bb/pub_j/dr_ut_d/4101031/4101031555/V137/5260588/260588/history.htm"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN69531868/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-26050",
    "datePublished": "2026-02-20T08:13:31.884Z",
    "dateReserved": "2026-02-17T06:44:17.959Z",
    "dateUpdated": "2026-02-20T13:45:42.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-24466 (GCVE-0-2026-24466)
Vulnerability from cvelistv5
Published
2026-02-09 06:59
Modified
2026-02-09 15:43
CWE
  • CWE-428 - Unquoted search path or element
Summary
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T15:43:38.709818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T15:43:46.605Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "See \"References\" section",
          "vendor": "Oki Electric Industry Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "See \"References\" section"
            }
          ]
        },
        {
          "product": "See \"References\" section",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "See \"References\" section"
            }
          ]
        },
        {
          "product": "See \"References\" section",
          "vendor": "Murata Machinery, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "See \"References\" section"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-428",
              "description": "Unquoted search path or element",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T06:59:30.186Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.oki.com/jp/product_security/sa_2026_0001_en.html"
        },
        {
          "url": "https://www.oki.com/jp/printing/support/important-information/2026/info-260209/index.html"
        },
        {
          "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2026-000002"
        },
        {
          "url": "https://www.muratec.jp/ce/support/announce_sp_20260209.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN55395471/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-24466",
    "datePublished": "2026-02-09T06:59:30.186Z",
    "dateReserved": "2026-01-23T00:31:37.485Z",
    "dateUpdated": "2026-02-09T15:43:46.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53869 (GCVE-0-2025-53869)
Vulnerability from cvelistv5
Published
2026-01-29 02:40
Modified
2026-01-29 19:56
CWE
  • CWE-295 - Improper certificate validation
Summary
Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.
Impacted products
Vendor Product Version
Brother Industries, Ltd. Multiple MFPs Version: see the information provided by the vendor
   Konica Minolta, Inc. Multiple MFPs Version: see the information provided by the vendor
   Ricoh Company, Ltd. Multiple MFPs Version: see the information provided by the vendor


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T19:56:17.144679Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T19:56:34.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple MFPs",
          "vendor": "Brother Industries, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple MFPs",
          "vendor": "Konica Minolta, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple MFPs",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Improper certificate validation",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T02:40:57.255Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://faq.brother.co.jp/app/answers/detail/a_id/13716"
        },
        {
          "url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf"
        },
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000001"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92878805/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-53869",
    "datePublished": "2026-01-29T02:40:57.255Z",
    "dateReserved": "2025-11-18T23:31:03.274Z",
    "dateUpdated": "2026-01-29T19:56:34.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21409 (GCVE-0-2026-21409)
Vulnerability from cvelistv5
Published
2026-01-09 07:15
Modified
2026-01-09 18:11
CWE
  • CWE-639 - Authorization bypass through user-controlled key
Summary
Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-09T18:11:32.736478Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-09T18:11:55.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "3.5.1 to 24R3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user\u0027s registration information and/or OIDC (OpenID Connect) tokens may be retrieved."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization bypass through user-controlled key",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T07:15:52.994Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000011"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN12770174/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2026-21409",
    "datePublished": "2026-01-09T07:15:52.994Z",
    "dateReserved": "2025-12-24T07:24:57.904Z",
    "dateUpdated": "2026-01-09T18:11:55.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58422 (GCVE-0-2025-58422)
Vulnerability from cvelistv5
Published
2025-09-08 04:43
Modified
2025-09-08 18:38
CWE
  • CWE-348 - Use of less trusted source
Summary
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.
Impacted products
Vendor Product Version
Ricoh Company, Ltd. RICOH Streamline NX Version: versions 3.5.1 to 24R3


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58422",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-08T18:38:37.632565Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-08T18:38:49.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.1 to 24R3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product\u2019s management tool."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-348",
              "description": "Use of less trusted source",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T04:43:01.703Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000010"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN75307484/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-58422",
    "datePublished": "2025-09-08T04:43:01.703Z",
    "dateReserved": "2025-09-03T06:29:41.944Z",
    "dateUpdated": "2025-09-08T18:38:49.856Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41439 (GCVE-0-2025-41439)
Vulnerability from cvelistv5
Published
2025-06-30 09:16
Modified
2025-06-30 15:12
CWE
  • CWE-79 - Cross-site scripting (XSS)
Summary
A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.
Impacted products
Vendor Product Version
Ricoh Company, Ltd. RICOH Streamline NX Version: versions 3.5.0 to 3.7.2


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T15:12:16.723838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T15:12:29.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.0 to 3.7.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting (XSS)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-30T09:16:19.377Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000008"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN24333956/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-41439",
    "datePublished": "2025-06-30T09:16:19.377Z",
    "dateReserved": "2025-06-20T07:06:29.717Z",
    "dateUpdated": "2025-06-30T15:12:29.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49797 (GCVE-0-2025-49797)
Vulnerability from cvelistv5
Published
2025-06-25 09:25
Modified
2025-08-19 06:48
CWE
  • CWE-552 - Files or directories accessible to external parties
Summary
Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with administrative privileges. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T12:22:16.386782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T12:41:07.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple driver installers for Windows",
          "vendor": "BROTHER INDUSTRIES, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple driver installers for Windows",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple driver installers for Windows",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "Files or directories accessible to external parties",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-19T06:48:21.242Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://support.brother.com/g/s/security/"
        },
        {
          "url": "https://www.toshibatec.com/information/20250625_01.html"
        },
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000009"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91819309/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-49797",
    "datePublished": "2025-06-25T09:25:53.381Z",
    "dateReserved": "2025-06-11T04:48:58.284Z",
    "dateUpdated": "2025-08-19T06:48:21.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-48825 (GCVE-0-2025-48825)
Vulnerability from cvelistv5
Published
2025-06-13 08:19
Modified
2025-06-23 16:07
CWE
  • CWE-348 - Use of less trusted source
Summary
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contain an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop on upgrade requests and execute a malicious DLL with custom code.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48825",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T15:05:23.850151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:07:13.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX V3 PC Client",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.0 to 3.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-348",
              "description": "Use of less trusted source",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T08:19:06.089Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000006"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN27937557/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-48825",
    "datePublished": "2025-06-13T08:19:06.089Z",
    "dateReserved": "2025-06-12T01:53:37.255Z",
    "dateUpdated": "2025-06-23T16:07:13.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46783 (GCVE-0-2025-46783)
Vulnerability from cvelistv5
Published
2025-06-13 08:18
Modified
2025-06-13 15:12
CWE
  • CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Summary
Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46783",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T15:12:24.155092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T15:12:51.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX V3 PC Client",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.0 to 3.242.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is running by tampering with specific files used on the product."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T08:18:58.850Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000005"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN27937557/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-46783",
    "datePublished": "2025-06-13T08:18:58.850Z",
    "dateReserved": "2025-06-12T01:53:41.312Z",
    "dateUpdated": "2025-06-13T15:12:51.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-36506 (GCVE-0-2025-36506)
Vulnerability from cvelistv5
Published
2025-06-13 08:18
Modified
2025-06-13 15:13
CWE
  • CWE-73 - External control of file name or path
Summary
External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-36506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T15:13:07.305081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T15:13:20.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Streamline NX V3 PC Client",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.0 to 3.242.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files in the file system can be overwritten with log data."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "External control of file name or path",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T08:18:49.469Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000004"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN27937557/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-36506",
    "datePublished": "2025-06-13T08:18:49.469Z",
    "dateReserved": "2025-06-12T01:53:40.407Z",
    "dateUpdated": "2025-06-13T15:13:20.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41393 (GCVE-0-2025-41393)
Vulnerability from cvelistv5
Published
2025-05-12 08:04
Modified
2025-07-14 06:23
CWE
  • CWE-79 - Cross-site scripting (XSS)
Summary
Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T14:28:46.670592Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:29:23.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple laser printers and MFPs which implement Web Image Monitor",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple MFPs which implement Web Image Monitor",
          "vendor": "KONICA MINOLTA JAPAN, INC.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting (XSS)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-14T06:23:13.218Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"
        },
        {
          "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"
        },
        {
          "url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN20474768/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2025-41393",
    "datePublished": "2025-05-12T08:04:39.693Z",
    "dateReserved": "2025-05-01T06:24:40.467Z",
    "dateUpdated": "2025-07-14T06:23:13.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47939 (GCVE-0-2024-47939)
Vulnerability from cvelistv5
Published
2024-11-01 04:29
Modified
2025-05-21 07:02
CWE
  • CWE-121 - Stack-based buffer overflow
Summary
Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47939",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T19:09:26.217173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T20:46:20.481Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple laser printers and MFPs which implement Web Image Monitor",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple MFPs which implement Web Image Monitor",
          "vendor": "KONICA MINOLTA, INC.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T07:02:10.101Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011"
        },
        {
          "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000011"
        },
        {
          "url": "https://www.konicaminolta.jp/business/support/important/250519_01_01.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN87770340/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-47939",
    "datePublished": "2024-11-01T04:29:04.040Z",
    "dateReserved": "2024-10-07T07:29:56.206Z",
    "dateUpdated": "2025-05-21T07:02:10.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41995 (GCVE-0-2024-41995)
Vulnerability from cvelistv5
Published
2024-08-06 06:51
Modified
2025-03-24 17:15
CWE
  • CWE-1188 - Initialization of a Resource with an Insecure Default (CWE ID as assigned in the CISA-ADP container; the CNA entry is text-only)
Summary
Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.
Impacted products
Vendor Product Version
Ricoh Company, Ltd. JavaTM Platform Version: Ver.12.89 and earlier


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ricoh_company_ltd:javatm_platform:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "javatm_platform",
            "vendor": "ricoh_company_ltd",
            "versions": [
              {
                "lessThan": "12.89",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41995",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-06T13:19:16.839794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1188",
                "description": "CWE-1188 Initialization of a Resource with an Insecure Default",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T17:15:35.878Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JavaTM Platform",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.12.89 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Initialization of a Resource with an Insecure Default",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T06:51:51.329Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010"
        },
        {
          "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN78728294/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-41995",
    "datePublished": "2024-08-06T06:51:51.329Z",
    "dateReserved": "2024-07-26T00:44:59.022Z",
    "dateUpdated": "2025-03-24T17:15:35.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39927 (GCVE-0-2024-39927)
Vulnerability from cvelistv5
Published
2024-07-10 06:55
Modified
2024-08-02 04:33
CWE
  • Out-of-bounds write
Summary
Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed.


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c3510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c3510",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c3010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c3010",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c6010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c6010",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c5510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c5510",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c4510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c4510",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c2510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c2510",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c2010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c2010",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_2.00-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c7010:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c7010",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.05-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_460f:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_460f",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.10-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_460ftl:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_460ftl",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.10-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:370:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "370",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.10-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:370f:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "370f",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.10-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c8500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c8500",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.04-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c8510m:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c8510m",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.04-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:ricoh:im_c8500m:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "im_c8500m",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThan": "system\\/copy_1.04-00",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T13:00:42.871181Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T13:14:08.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000008"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN14294633/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/jp/JVN14294633/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IM C3510/C3010",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System/Copy 2.00-00"
            }
          ]
        },
        {
          "product": "IM C6010/C5510/C4510",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System/Copy 2.00-00"
            }
          ]
        },
        {
          "product": "IM C2510/C2010",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System/Copy 2.00-00"
            }
          ]
        },
        {
          "product": "IM C7010",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System/Copy 1.05-00"
            }
          ]
        },
        {
          "product": "IM 460F/460FTL/370/370F",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System/Copy 1.10-00"
            }
          ]
        },
        {
          "product": "IM C8500/C8510M/C8500/C8500M",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to System 1.04-00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user\u0027s data may be destroyed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T06:55:19.636Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000008"
        },
        {
          "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000008"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN14294633/"
        },
        {
          "url": "https://jvn.jp/jp/JVN14294633/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-39927",
    "datePublished": "2024-07-10T06:55:19.636Z",
    "dateReserved": "2024-07-04T00:02:54.476Z",
    "dateUpdated": "2024-08-02T04:33:11.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37387 (GCVE-0-2024-37387)
Vulnerability from cvelistv5
Published
2024-06-19 06:40
Modified
2024-08-02 03:50
CWE
  • Use of potentially dangerous function
Summary
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered.
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. Ricoh Streamline NX PC Client Version: ver.3.2.1.19
Version: ver.3.3.1.3
Version: ver.3.3.2.201
Version: ver.3.4.3.1
Version: ver.3.5.1.201 (ver.3.5.1.200op1)
Version: ver.3.6.100.53
Version: ver.3.6.2.1


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T14:51:30.816250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-676",
                "description": "CWE-676 Use of Potentially Dangerous Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T14:57:55.163Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:50:56.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN00442488/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ricoh Streamline NX PC Client",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "ver.3.2.1.19"
            },
            {
              "status": "affected",
              "version": " ver.3.3.1.3"
            },
            {
              "status": "affected",
              "version": " ver.3.3.2.201"
            },
            {
              "status": "affected",
              "version": " ver.3.4.3.1"
            },
            {
              "status": "affected",
              "version": " ver.3.5.1.201 (ver.3.5.1.200op1)"
            },
            {
              "status": "affected",
              "version": " ver.3.6.100.53"
            },
            {
              "status": "affected",
              "version": " and ver.3.6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of potentially dangerous function",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T06:40:58.899Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000007"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN00442488/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-37387",
    "datePublished": "2024-06-19T06:40:58.899Z",
    "dateReserved": "2024-06-07T06:42:24.850Z",
    "dateUpdated": "2024-08-02T03:50:56.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37124 (GCVE-0-2024-37124)
Vulnerability from cvelistv5
Published
2024-06-19 06:40
Modified
2024-08-02 03:50
Severity ?
CWE
  • Use of potentially dangerous function
Summary
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. Ricoh Streamline NX PC Client Version: ver.3.2.1.19
Version: ver.3.3.1.3
Version: ver.3.3.2.201
Version: ver.3.4.3.1
Version: ver.3.5.1.201 (ver.3.5.1.200op1)
Version: ver.3.6.100.53
Version: ver.3.6.2.1


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.2.1.19"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.3.1.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.3.2.201"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.4.3.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.5.1.201\\/ver.3.5.1.200op1\\/"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.6.100.53"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "status": "affected",
                "version": "ver.3.6.2.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-37124",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:32:35.494081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T15:44:52.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:50:54.525Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN00442488/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ricoh Streamline NX PC Client",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "ver.3.2.1.19"
            },
            {
              "status": "affected",
              "version": " ver.3.3.1.3"
            },
            {
              "status": "affected",
              "version": " ver.3.3.2.201"
            },
            {
              "status": "affected",
              "version": " ver.3.4.3.1"
            },
            {
              "status": "affected",
              "version": " ver.3.5.1.201 (ver.3.5.1.200op1)"
            },
            {
              "status": "affected",
              "version": " ver.3.6.100.53"
            },
            {
              "status": "affected",
              "version": " and ver.3.6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of potentially dangerous function",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T06:40:52.358Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN00442488/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-37124",
    "datePublished": "2024-06-19T06:40:52.358Z",
    "dateReserved": "2024-06-03T11:46:18.673Z",
    "dateUpdated": "2024-08-02T03:50:54.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22475 (GCVE-0-2024-22475)
Vulnerability from cvelistv5
Published
2024-03-18 08:03
Modified
2024-10-27 21:26
CWE
  • Cross-site request forgery (CSRF)
Summary
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-22475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T18:18:38.595032Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-27T21:26:34.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:51:09.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240306_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN82749078/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple printers and scanners",
          "vendor": "BROTHER INDUSTRIES, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "FUJIFILM Business Innovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery (CSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T08:03:36.146Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
        },
        {
          "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
        },
        {
          "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
        },
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
        },
        {
          "url": "https://www.toshibatec.com/information/20240306_01.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN82749078/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-22475",
    "datePublished": "2024-03-18T08:03:36.146Z",
    "dateReserved": "2024-02-09T04:42:38.473Z",
    "dateUpdated": "2024-10-27T21:26:34.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21824 (GCVE-0-2024-21824)
Vulnerability from cvelistv5
Published
2024-03-18 08:01
Modified
2024-11-07 15:26
CWE
  • Improper authentication
Summary
Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-21824",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T18:20:15.364083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T15:26:23.509Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.toshibatec.com/information/20240306_01.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN82749078/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple printers and scanners",
          "vendor": "BROTHER INDUSTRIES, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "FUJIFILM Business Innovation Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "Toshiba Tec Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        },
        {
          "product": "Multiple printers and scanners",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "see the information provided by the vendor"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-18T08:01:57.734Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faqp00100601_000"
        },
        {
          "url": "https://support.brother.com/g/b/link.aspx?prod=lmgroup1\u0026faqid=faq00100823_000"
        },
        {
          "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html"
        },
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002"
        },
        {
          "url": "https://www.toshibatec.com/information/20240306_01.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN82749078/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-21824",
    "datePublished": "2024-03-18T08:01:57.734Z",
    "dateReserved": "2024-02-09T04:42:37.389Z",
    "dateUpdated": "2024-11-07T15:26:23.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30759 (GCVE-0-2023-30759)
Vulnerability from cvelistv5
Published
2023-06-19 00:00
Modified
2024-12-12 20:28
CWE
  • Insufficient Verification of Data Authenticity
Summary
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU92207133/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-30759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-12T20:25:41.882070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-352",
                "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-12T20:28:30.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Printer Driver Packager NX",
          "vendor": "Ricoh Company, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.0.02 to v1.1.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T00:00:00.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
        },
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU92207133/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-30759",
    "datePublished": "2023-06-19T00:00:00.000Z",
    "dateReserved": "2023-05-11T00:00:00.000Z",
    "dateUpdated": "2024-12-12T20:28:30.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-37406 (GCVE-0-2022-37406)
Vulnerability from cvelistv5
Published
2022-12-07 00:00
Modified
2025-04-23 16:08
Severity ?
CWE
  • Cross-site scripting
Summary
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. Aficio SP 4210N Version: firmware versions prior to Web Support 1.05


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:29:21.019Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN24659622/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-37406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:07:44.998654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:08:44.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aficio SP 4210N",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to Web Support 1.05"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-07T00:00:00.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm"
        },
        {
          "url": "https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN24659622/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-37406",
    "datePublished": "2022-12-07T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:08:44.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36403 (GCVE-0-2022-36403)
Vulnerability from cvelistv5
Published
2022-09-08 07:10
Modified
2024-08-03 10:00
Severity ?
CWE
  • Untrusted search path vulnerability
Summary
Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/software/dev_soft_manager"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN44721267/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Installer of Device Software Manager",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "prior to Ver.2.20.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-08T07:10:44.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/software/dev_soft_manager"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN44721267/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-36403",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Installer of Device Software Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to Ver.2.20.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/software/dev_soft_manager",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/software/dev_soft_manager"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN44721267/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN44721267/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-36403",
    "datePublished": "2022-09-08T07:10:44.000Z",
    "dateReserved": "2022-08-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:00:04.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6021 (GCVE-0-2019-6021)
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:16
Severity ?
CWE
  • Open Redirect
Summary
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
References


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.co.jp/limedio/user/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN45633549/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Library Information Management System LIMEDIO",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.co.jp/limedio/user/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN45633549/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Library Information Management System LIMEDIO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.co.jp/limedio/user/",
              "refsource": "MISC",
              "url": "https://www.ricoh.co.jp/limedio/user/"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN45633549/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN45633549/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6021",
    "datePublished": "2019-12-26T15:16:50.000Z",
    "dateReserved": "2019-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:24.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16185 (GCVE-0-2018-16185)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
CWE
  • Firmware file is not signed
Summary
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.
References
https://jvn.jp/en/jp/JVN55263945/index.html third-party-advisory, x_refsource_JVN
https://www.ricoh.com/info/2018/1127_1.html x_refsource_MISC
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. RICOH Interactive Whiteboard Version: D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#55263945",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Interactive Whiteboard",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Firmware file is not signed",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#55263945",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/info/2018/1127_1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RICOH Interactive Whiteboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Firmware file is not signed"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            },
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16185",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16188 (GCVE-0-2018-16188)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
CWE
  • SQL Injection
Summary
SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
https://jvn.jp/en/jp/JVN55263945/index.html third-party-advisory, x_refsource_JVN
https://www.ricoh.com/info/2018/1127_1.html x_refsource_MISC
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. RICOH Interactive Whiteboard Version: D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#55263945",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Interactive Whiteboard",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#55263945",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/info/2018/1127_1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16188",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RICOH Interactive Whiteboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            },
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16188",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16186 (GCVE-0-2018-16186)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
CWE
  • Use of Hard-coded Credentials
Summary
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segment to log in to the administrator settings screen and change the configuration.
References
https://jvn.jp/en/jp/JVN55263945/index.html third-party-advisory, x_refsource_JVN
https://www.ricoh.com/info/2018/1127_1.html x_refsource_MISC
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. RICOH Interactive Whiteboard Version: D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#55263945",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Interactive Whiteboard",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#55263945",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/info/2018/1127_1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16186",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RICOH Interactive Whiteboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            },
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16186",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16187 (GCVE-0-2018-16187)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
CWE
  • Fails to verify the server certificate
Summary
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eavesdrop on encrypted communication.
References
https://jvn.jp/en/jp/JVN55263945/index.html third-party-advisory, x_refsource_JVN
https://www.ricoh.com/info/2018/1127_1.html x_refsource_MISC
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. RICOH Interactive Whiteboard Version: D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#55263945",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Interactive Whiteboard",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to verify the server certificate",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#55263945",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/info/2018/1127_1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RICOH Interactive Whiteboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to verify the server certificate"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            },
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16187",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.390Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-16184 (GCVE-0-2018-16184)
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
CWE
  • OS Command Injection
Summary
RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.
References
https://jvn.jp/en/jp/JVN55263945/index.html third-party-advisory, x_refsource_JVN
https://www.ricoh.com/info/2018/1127_1.html x_refsource_MISC
Impacted products
Vendor Product Version
RICOH COMPANY, LTD. RICOH Interactive Whiteboard Version: D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:17:38.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#55263945",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2018/1127_1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RICOH Interactive Whiteboard",
          "vendor": "RICOH COMPANY, LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T21:57:01.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#55263945",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ricoh.com/info/2018/1127_1.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RICOH Interactive Whiteboard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "RICOH COMPANY, LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#55263945",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN55263945/index.html"
            },
            {
              "name": "https://www.ricoh.com/info/2018/1127_1.html",
              "refsource": "MISC",
              "url": "https://www.ricoh.com/info/2018/1127_1.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-16184",
    "datePublished": "2019-01-09T22:00:00.000Z",
    "dateReserved": "2018-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:17:38.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}