{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33620", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-05-22T00:23:59.245Z", "datePublished": "2024-06-18T05:44:53.121Z", "dateUpdated": "2024-08-13T19:17:23.562Z"}, "containers": {"cna": {"affected": [{"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Business Application ID Link Manager II", "versions": [{"version": "V1.8 and earlier", "status": "affected"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software ID Link Manager", "versions": [{"version": "V2.0", "status": "affected"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software TIME CREATOR ID Link Manager", "versions": [{"version": "V2.3.0", "status": "affected"}, {"version": " V2.3.1", "status": "affected"}, {"version": " V2.4", "status": "affected"}, {"version": " V2.5", "status": "affected"}, {"version": " V2.6", "status": "affected"}, {"version": " and V2.7", "status": "affected"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software TIME CREATOR ID Link Manager", "versions": [{"version": "V3.0", "status": "affected"}, {"version": " V3.0.2", "status": "affected"}, {"version": " V3.0.2.1", "status": "affected"}, {"version": " and V3.0.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker."}], "problemTypes": [{"descriptions": [{"description": "Absolute path traversal", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"}, {"url": "https://jvn.jp/en/jp/JVN65171386/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-06-18T05:44:53.121Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:04.361Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN65171386/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-36", "lang": "en", "description": "CWE-36 Absolute Path Traversal"}]}], "affected": [{"vendor": "fujitsu", "product": "business_application_id_link_manager_ii", "cpes": ["cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8", "versionType": "custom"}]}, {"vendor": "fujitsu", "product": "id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.3.0", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.3.1", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.4", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.5", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.6", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.7", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.2", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.2.1", "status": "affected"}]}, {"vendor": "fujitsu", "product": "time_creator_id_link_manager", "cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.3", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-12T17:27:20.527344Z", "id": "CVE-2024-33620", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T19:17:23.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN65171386/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:04.361Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33620", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-12T17:27:20.527344Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fujitsu:business_application_id_link_manager_ii:*:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "business_application_id_link_manager_ii", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.8"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:id_link_manager:2.0:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "id_link_manager", "versions": [{"status": "affected", "version": "2.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.0:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.3.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.3.1:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.3.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.4:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.5:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.5"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.6:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.6"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:2.7:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "2.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "3.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "3.0.2"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.2.1:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "3.0.2.1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:fujitsu:time_creator_id_link_manager:3.0.3:*:*:*:*:*:*:*"], "vendor": "fujitsu", "product": "time_creator_id_link_manager", "versions": [{"status": "affected", "version": "3.0.3"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-12T17:27:49.388Z"}}], "cna": {"affected": [{"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Business Application ID Link Manager II", "versions": [{"status": "affected", "version": "V1.8 and earlier"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software ID Link Manager", "versions": [{"status": "affected", "version": "V2.0"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software TIME CREATOR ID Link Manager", "versions": [{"status": "affected", "version": "V2.3.0"}, {"status": "affected", "version": " V2.3.1"}, {"status": "affected", "version": " V2.4"}, {"status": "affected", "version": " V2.5"}, {"status": "affected", "version": " V2.6"}, {"status": "affected", "version": " and V2.7"}]}, {"vendor": "Fsas Technologies Inc.", "product": "FUJITSU Software TIME CREATOR ID Link Manager", "versions": [{"status": "affected", "version": "V3.0"}, {"status": "affected", "version": " V3.0.2"}, {"status": "affected", "version": " V3.0.2.1"}, {"status": "affected", "version": " and V3.0.3"}]}], "references": [{"url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"}, {"url": "https://jvn.jp/en/jp/JVN65171386/"}], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Absolute path traversal"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-06-18T05:44:53.121Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33620", "state": "PUBLISHED", "dateUpdated": "2024-08-13T19:17:23.562Z", "dateReserved": "2024-05-22T00:23:59.245Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-06-18T05:44:53.121Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal absoluta en ID Link Manager y FUJITSU Software TIME CREATOR. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede recuperar el contenido del archivo, incluida la informaci\u00f3n confidencial del servidor."}], "id": "CVE-2024-33620", "lastModified": "2024-08-13T20:35:09.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-18T06:15:11.053", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN65171386/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fujitsu.com/jp/group/fsas/about/resources/security/2024/0617.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}