CVE-2024-45504

Description

Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.

CVSS breakdown

Affected products

• Alps System Integration Co., Ltd. / InterSafe CATSversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• Alps System Integration Co., Ltd. / InterSafe GatewayConnectionversions before 2024 July 20 maintenance – versions before 2024 July 20 maintenance
• Alps System Integration Co., Ltd. / InterSafe LogDirectorversions before the replacement file released on 2024 September 9 – versions before the replacement file released on 2024 September 9
• Alps System Integration Co., Ltd. / InterSafe LogNavigatorprior to Ver.1.1.1 – prior to Ver.1.1.1
• Alps System Integration Co., Ltd. / InterSafe MobileSecurityversions before 2024 August 31 maintenance – versions before 2024 August 31 maintenance
• Alps System Integration Co., Ltd. / InterSafe WebFilterprior to V9.1SP4 Build1653 – prior to V9.1SP4 Build1653
• AXSEED,Inc. / SPPM BizBrowserversions before 2024 June 18 maintenance – versions before 2024 June 18 maintenance
• AXSEED,Inc. / SPPM Secure Filteringversions before 2024 July 20 maintenance – versions before 2024 July 20 maintenance
• Hammock Corporation / AssetView Fversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• JMA Systems Corporation / KAITO SecureBrowserversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• MIROKU JYOHO SERVICE CO., LTD. / MJS WebFilteringversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• MOTEX Inc. / LANSCOPE EndpointManager WebFilteringversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• QualitySoft Corporation / URL Filteringversions before 2024 July 4 maintenance – versions before 2024 July 4 maintenance
• Trend Micro Incorporated / InterScan WebManager9.1 Service Pack 1 – 9.1 Service Pack 1
• Trend Micro Incorporated / InterScan WebManager9.1 – 9.1
• Trend Micro Incorporated / InterScan WebManager9.0 Service Pack 1 – 9.0 Service Pack 1
• Trend Micro Incorporated / InterScan WebManager9.1 Service Pack 2 – 9.1 Service Pack 2
• Trend Micro Incorporated / InterScan WebManager9.0 – 9.0
• Trend Micro Incorporated / InterScan WebManager9.1 Service Pack 3 – 9.1 Service Pack 3
• Trend Micro Incorporated / InterScan WebManagerand 9.1 Service Pack 4 – and 9.1 Service Pack 4

References

• MISChttps://alsifaq.dga.jp/faq_detail.html?id=6494
• MISChttps://success.trendmicro.com/ja-JP/solution/KA-0017618
• MISChttps://www.motex.co.jp/news/notice/2024/release240909/
• MISChttps://jvn.jp/en/jp/JVN05579230/