Description
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Reserved 2024-08-30 | Published 2024-09-10 | Updated 2024-11-04 | Assigner
jpcertProblem types
Cross-site request forgery (CSRF)
Product status
prior to V9.1SP4 Build1653
affected
versions before the replacement file released on 2024 September 9
affected
versions before 2024 July 20 maintenance
affected
prior to Ver.1.1.1
affected
versions before 2024 July 4 maintenance
affected
versions before 2024 August 31 maintenance
affected
9.0
affected
9.0 Service Pack 1
affected
9.1
affected
9.1 Service Pack 1
affected
9.1 Service Pack 2
affected
9.1 Service Pack 3
affected
and 9.1 Service Pack 4
affected
versions before 2024 July 4 maintenance
affected
versions before 2024 July 4 maintenance
affected
versions before 2024 July 4 maintenance
affected
versions before 2024 June 18 maintenance
affected
versions before 2024 July 20 maintenance
affected
versions before 2024 July 4 maintenance
affected
versions before 2024 July 4 maintenance
affected
References
alsifaq.dga.jp/faq_detail.html?id=6494
success.trendmicro.com/ja-JP/solution/KA-0017618
www.motex.co.jp/news/notice/2024/release240909/
jvn.jp/en/jp/JVN05579230/
cve.org (CVE-2024-45504)
nvd.nist.gov (CVE-2024-45504)
Download JSON
Subscribe to our newsletter to learn more about our work.