Japan Vulnerability Notes, JVN:34328023
Mar 06, 2024 - 12:00 a.m.

JVN#34328023: FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.2%)

Multiple printers provided by FUJIFILM Business Innovation Corp. contain a cross-site request forgery vulnerability (CWE-352).

Impact

If a user views a malicious page while logged in, the user information may be altered. If the user is an administrator, settings such as the administrator's ID, password, etc. may be altered.

Solution

Apply workarounds
The developer states that there are some obsolete models where the CSRF prevention function is not implemented.
For those models, applying the following workaround may mitigate the impact of this vulnerability.

  • Disable the Web UI communication function in the product's settings

Products Affected

For details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed below.
