{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36248", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-05-22T09:00:17.964Z", "datePublished": "2024-11-26T07:38:12.712Z", "dateUpdated": "2024-11-26T07:38:12.712Z"}, "containers": {"cna": {"affected": [{"vendor": "Sharp Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Sharp Corporation listed under [References]", "status": "affected"}]}, {"vendor": "Toshiba Tec Corporation", "product": "Multiple MFPs (multifunction printers)", "versions": [{"version": "See the information provided by Toshiba Tec Corporation listed under [References]", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "problemTypes": [{"descriptions": [{"description": "Use of hard-coded credentials", "lang": "en-US", "cweId": "CWE-798", "type": "CWE"}]}], "references": [{"url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"url": "https://www.toshibatec.com/information/20240531_02.html"}, {"url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T07:38:12.712Z"}}}}

{}

{"descriptions": [{"lang": "en", "value": "API keys for some cloud services are hardcoded in the \"main\" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]."}], "id": "CVE-2024-36248", "lastModified": "2024-11-26T08:15:06.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2024-11-26T08:15:06.430", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://global.sharp/products/copier/info/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jp.sharp/business/print/information/info_security_2024-05.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU93051062/"}, {"source": "vultures@jpcert.or.jp", "url": "https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.co.jp/information/20240531_02.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.toshibatec.com/information/20240531_02.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}