MidnightBSD

Advisories for nttdata

CVE-2015-7786 MEDIUM

Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
nttdata web_analytics_service *
CVE-2016-1183 MEDIUM

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
nttdata terasoluna_server_framework_for_java_web 2.0.1.0
nttdata terasoluna_server_framework_for_java_web 2.0.6.1
nttdata terasoluna_server_framework_for_java_web 2.0.2.0
nttdata terasoluna_server_framework_for_java_web 2.0.0.2
nttdata terasoluna_server_framework_for_java_web 2.0.0.1
nttdata terasoluna_server_framework_for_java_web 2.0.5.3
nttdata terasoluna_server_framework_for_java_web 2.0.5.2
nttdata terasoluna_server_framework_for_java_web 2.0.5.1
CVE-2020-5523 MEDIUM

Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295

Products Affected

Vendor Product Version
ashikagabank ashigin *
nttdata mypallete -
shikokubank shikoku_bank *
hokkaidobank dogin *
naganobank nagagin *
tohoku-bank tougin *
77bank 77_bank *
hokugin hokuriku_bank_portal *
sihd-bk ikeda_senshu_bank *
CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLUNA Server Framework for Java (Rich) 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability because they use an old version of Spring Framework that contains the vulnerability. The vulnerability is caused by an improper input validation issue in the binding mechanism of Spring MVC. When the application processes a specially crafted file, arbitrary code may be executed with the privileges of the application.

Products Affected

Vendor Product Version
nttdata terasoluna_global_framework 1.0.0
nttdata terasoluna_server_framework_for_java_(rich) *