CVE-2024-45504
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter | prior to V9.1SP4 Build1653 | affected |
| Alps System Integration Co., Ltd. | InterSafe LogDirector | versions before the replacement file released on 2024 September 9 | affected |
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection | versions before 2024 July 20 maintenance | affected |
| Alps System Integration Co., Ltd. | InterSafe LogNavigator | prior to Ver.1.1.1 | affected |
| Alps System Integration Co., Ltd. | InterSafe CATS | versions before 2024 July 4 maintenance | affected |
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity | versions before 2024 August 31 maintenance | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.0 | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.0 Service Pack 1 | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.1 | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.1 Service Pack 1 | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.1 Service Pack 2 | affected |
| Trend Micro Incorporated | InterScan WebManager | 9.1 Service Pack 3 | affected |
| Trend Micro Incorporated | InterScan WebManager | and 9.1 Service Pack 4 | affected |
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering | versions before 2024 July 4 maintenance | affected |
| Hammock Corporation | AssetView F | versions before 2024 July 4 maintenance | affected |
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering | versions before 2024 July 4 maintenance | affected |
| AXSEED,Inc. | SPPM BizBrowser | versions before 2024 June 18 maintenance | affected |
| AXSEED,Inc. | SPPM Secure Filtering | versions before 2024 July 20 maintenance | affected |
| QualitySoft Corporation | URL Filtering | versions before 2024 July 4 maintenance | affected |
| JMA Systems Corporation | KAITO SecureBrowser | versions before 2024 July 4 maintenance | affected |
Weaknesses
- Cross-site request forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://alsifaq.dga.jp/faq_detail.html?id=6494
- https://success.trendmicro.com/ja-JP/solution/KA-0017618
- https://www.motex.co.jp/news/notice/2024/release240909/
- https://jvn.jp/en/jp/JVN05579230/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.