CVE-2024-45504

Summary

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

Affected Software

VendorProductVersion RangeStatus
Alps System Integration Co., Ltd.InterSafe WebFilterprior to V9.1SP4 Build1653affected
Alps System Integration Co., Ltd.InterSafe LogDirectorversions before the replacement file released on 2024 September 9affected
Alps System Integration Co., Ltd.InterSafe GatewayConnectionversions before 2024 July 20 maintenanceaffected
Alps System Integration Co., Ltd.InterSafe LogNavigatorprior to Ver.1.1.1affected
Alps System Integration Co., Ltd.InterSafe CATSversions before 2024 July 4 maintenanceaffected
Alps System Integration Co., Ltd.InterSafe MobileSecurityversions before 2024 August 31 maintenanceaffected
Trend Micro IncorporatedInterScan WebManager9.0affected
Trend Micro IncorporatedInterScan WebManager9.0 Service Pack 1affected
Trend Micro IncorporatedInterScan WebManager9.1affected
Trend Micro IncorporatedInterScan WebManager9.1 Service Pack 1affected
Trend Micro IncorporatedInterScan WebManager9.1 Service Pack 2affected
Trend Micro IncorporatedInterScan WebManager9.1 Service Pack 3affected
Trend Micro IncorporatedInterScan WebManagerand 9.1 Service Pack 4affected
MIROKU JYOHO SERVICE CO., LTD.MJS WebFilteringversions before 2024 July 4 maintenanceaffected
Hammock CorporationAssetView Fversions before 2024 July 4 maintenanceaffected
MOTEX Inc.LANSCOPE EndpointManager WebFilteringversions before 2024 July 4 maintenanceaffected
AXSEED,Inc.SPPM BizBrowserversions before 2024 June 18 maintenanceaffected
AXSEED,Inc.SPPM Secure Filteringversions before 2024 July 20 maintenanceaffected
QualitySoft CorporationURL Filteringversions before 2024 July 4 maintenanceaffected
JMA Systems CorporationKAITO SecureBrowserversions before 2024 July 4 maintenanceaffected

Weaknesses

  • Cross-site request forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References