CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |

AI Score confidence: Low
EPSS percentile: 51.7%

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below.
Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4 |
CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Improper access control vulnerability (CWE-284) - CVE-2023-45210
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N | Base Score: 3.5 |
CVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | Base Score: 3.5 |
Open redirect vulnerability (CWE-601) - CVE-2023-46688
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N | Base Score: 3.4 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Authentication bypass vulnerability by SAML (CWE-289) - CVE-2023-41890
This issue is caused by a vulnerability in the Sustainsys.Saml2 library used in the product.
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | Base Score: 5.9 |
CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3 |
Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions that contain fixes for the vulnerabilities.
CVE | Fixed version |
---|---|
CVE-2023-34439, CVE-2023-45210, CVE-2023-46688 | Pleasanter 1.3.48.0 |
CVE-2023-41890 | Pleasanter 1.3.47.0 |
Affected Products
CVE | Affected versions |
---|---|
CVE-2023-34439, CVE-2023-45210, CVE-2023-46688 | Pleasanter 1.3.47.0 and earlier versions |
CVE-2023-41890 | Pleasanter 1.3.46.1 and earlier versions which use SAML (Security Assertion Markup Language) authentication |

The developer states that both the Community Edition and the Enterprise Edition of the product are affected.