Vulnerabilities related to Hammock Corporation - AssetView
jvndb-2022-000027
Vulnerability from jvndb
Published
2022-04-22 13:53
Modified
2024-06-20 12:15
Summary
Hammock AssetView missing authentication for critical functions
Details
AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server.
Denis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Type | URL
---|---
JVN | https://jvn.jp/en/jp/JVN54857505/index.html
CVE | https://www.cve.org/CVERecord?id=CVE-2022-28719
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-28719
Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Vendor | Product
---|---
Hammock Corporation | AssetView
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html", "dc:date": "2024-06-20T12:15+09:00", "dcterms:issued": "2022-04-22T13:53+09:00", "dcterms:modified": "2024-06-20T12:15+09:00", description: "AssetView provided by Hammock Corporation misses authentication for some critical functions (CWE-306) on the managing server.\r\n\r\nDenis Faiustov, Ruslan Sayfiev of GMO Cyber Security by IERAE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", link: "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000027.html", "sec:cpe": { "#text": "cpe:/a:hammock:assetview", "@product": "AssetView", "@vendor": "Hammock Corporation", "@version": "2.2", }, "sec:cvss": [ { "@score": "9.3", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "@version": "2.0", }, { "@score": "9.0", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2022-000027", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN54857505/index.html", "@id": "JVN#54857505", "@source": "JVN", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2022-28719", "@id": "CVE-2022-28719", "@source": "CVE", }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-28719", "@id": "CVE-2022-28719", "@source": "NVD", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-287", "@title": "Improper Authentication(CWE-287)", }, ], title: "Hammock AssetView missing authentication for critical functions", }
jvndb-2025-000019
Vulnerability from jvndb
Published
2025-03-25 17:10
Modified
2025-03-25 17:10
Summary
Multiple vulnerabilities in AssetView
Details
AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.
* Missing authentication for critical function (CWE-306) - CVE-2025-25060
* Acquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244
Takao Kondo of VeriServe Corporation reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Vendor | Product
---|---
Hammock Corporation | AssetView
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html", "dc:date": "2025-03-25T17:10+09:00", "dcterms:issued": "2025-03-25T17:10+09:00", "dcterms:modified": "2025-03-25T17:10+09:00", description: "AssetView provided by Hammock Corporation contains multiple vulnerabilities listed below.\r\n<UL>\r\n<LI>Missing authentication for critical function (CWE-306) - CVE-2025-25060</br>\r\n<LI>Acquiring sensitive information from sent data to the developer (CWE-201) - CVE-2025-27244\r\n</UL>\r\n</UL>\r\nTakao Kondo of VeriServe Corporation reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", link: "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000019.html", "sec:cpe": { "#text": "cpe:/a:hammock:assetview", "@product": "AssetView", "@vendor": "Hammock Corporation", "@version": "2.2", }, "sec:cvss": { "@score": "8.2", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "@version": "3.0", }, "sec:identifier": "JVNDB-2025-000019", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN26321838/index.html", "@id": "JVN#26321838", "@source": "JVN", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-25060", "@id": "CVE-2025-25060", "@source": "CVE", }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2025-27244", "@id": "CVE-2025-27244", "@source": "CVE", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)", }, ], title: "Multiple vulnerabilities in AssetView", }
jvndb-2017-010584
Vulnerability from jvndb
Published
2018-01-12 15:32
Modified
2018-01-12 15:32
Summary
AssetView and AssetView PLATINUM contain multiple vulnerabilities
Details
AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.
* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866
* Improper Input Validation (CWE-20) - CVE-2017-10867
Muneaki Nishimura of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Type | URL
---|---
JVN | http://jvn.jp/en/vu/JVNVU91625548/
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10866
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10867
Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Use of Hard-coded Cryptographic Key(CWE-321) | https://cwe.mitre.org/data/definitions/321.html
Impacted products
Vendor | Product
---|---
Hammock Corporation | AssetView
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html", "dc:date": "2018-01-12T15:32+09:00", "dcterms:issued": "2018-01-12T15:32+09:00", "dcterms:modified": "2018-01-12T15:32+09:00", description: "AssetView and AssetView PLATINUM provided by Hammock Corporation contain 2 vulnerabilities listed below.\r\n\r\n* Use of Hard-coded Cryptographic Key (CWE-321) - CVE-2017-10866\r\n* Improper Input Validation (CWE-20) - CVE-2017-10867\r\n\r\nMuneaki Nishimura of of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", link: "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010584.html", "sec:cpe": { "#text": "cpe:/a:hammock:assetview", "@product": "AssetView", "@vendor": "Hammock Corporation", "@version": "2.2", }, "sec:cvss": [ { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "@version": "2.0", }, { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "@version": "3.0", }, ], "sec:identifier": "JVNDB-2017-010584", "sec:references": [ { "#text": "http://jvn.jp/en/vu/JVNVU91625548/", "@id": "JVNVU#91625548", "@source": "JVN", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10866", "@id": "CVE-2017-10866", "@source": "CVE", }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10867", "@id": "CVE-2017-10867", "@source": "CVE", }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)", }, { "#text": "https://cwe.mitre.org/data/definitions/321.html", "@id": "CWE-321", "@title": "Use of Hard-coded Cryptographic Key(CWE-321)", }, ], title: "AssetView and AssetView PLATINUM contain multiple vulnerabilities", }
cve-2025-25060
Vulnerability from cvelistv5
Published
2025-04-02 03:20
Modified
2025-04-02 16:04
Summary
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
References
Impacted products
Vendor | Product | Version
---|---|---
Hammock Corporation | AssetView | prior to Ver 13.2.4.3408 (13.2.4O)
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-25060", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T15:44:53.916896Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-02T16:04:49.028Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "AssetView", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.2.4.3408 (13.2.4O)", }, ], }, { product: "AssetView CLOUD", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.2.4.3408 (13.2.4O)", }, ], }, { product: "AssetView CLOUD", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.3.4.3004 (13.3.4K)", }, ], }, ], descriptions: [ { lang: "en", value: "Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. 
If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.", }, ], metrics: [ { cvssV3_0: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "Missing authentication for critical function", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T03:20:54.826Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.hammock.jp/assetview/info/250325.html", }, { url: "https://jvn.jp/en/jp/JVN26321838/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-25060", datePublished: "2025-04-02T03:20:54.826Z", dateReserved: "2025-03-07T06:04:12.829Z", dateUpdated: "2025-04-02T16:04:49.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-27244
Vulnerability from cvelistv5
Published
2025-04-02 03:21
Modified
2025-04-02 15:41
Summary
AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker.
References
Impacted products
Vendor | Product | Version
---|---|---
Hammock Corporation | AssetView | prior to Ver 13.2.4.3408 (13.2.4O)
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-27244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-02T15:30:04.477226Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-02T15:41:04.823Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "AssetView", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.2.4.3408 (13.2.4O)", }, ], }, { product: "AssetView CLOUD", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.2.4.3408 (13.2.4O)", }, ], }, { product: "AssetView CLOUD", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver 13.3.4.3004 (13.3.4K)", }, ], }, ], descriptions: [ { lang: "en", value: "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. 
If exploited, sensitive information may be obtained by a remote unauthenticated attacker.", }, ], metrics: [ { cvssV3_0: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-201", description: "Insertion of sensitive information into sent data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-02T03:21:11.828Z", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { url: "https://www.hammock.jp/assetview/info/250325.html", }, { url: "https://jvn.jp/en/jp/JVN26321838/", }, ], }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2025-27244", datePublished: "2025-04-02T03:21:11.828Z", dateReserved: "2025-03-07T06:04:10.352Z", dateUpdated: "2025-04-02T15:41:04.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28719
Vulnerability from cvelistv5
Published
2022-04-28 08:25
Modified
2024-08-03 06:03
Summary
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.
References
URL | Tags
---|---
https://www.hammock.jp/assetview/info/220422.html | x_refsource_MISC
https://jvn.jp/en/jp/JVN54857505/index.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
Hammock Corporation | AssetView | prior to Ver.13.2.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:03:52.606Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.hammock.jp/assetview/info/220422.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://jvn.jp/en/jp/JVN54857505/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "AssetView", vendor: "Hammock Corporation", versions: [ { status: "affected", version: "prior to Ver.13.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.", }, ], problemTypes: [ { descriptions: [ { description: "Missing Authentication for Critical Function", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-28T08:25:12", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.hammock.jp/assetview/info/220422.html", }, { tags: [ "x_refsource_MISC", ], url: "https://jvn.jp/en/jp/JVN54857505/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2022-28719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "AssetView", version: { version_data: [ { version_value: "prior to Ver.13.2.0", }, ], }, }, ], }, vendor_name: "Hammock Corporation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote unauthenticated attacker with 
some knowledge on the system configuration to upload a crafted configuration file to the managing server, which may result in the managed clients to execute arbitrary code with the administrative privilege.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing Authentication for Critical Function", }, ], }, ], }, references: { reference_data: [ { name: "https://www.hammock.jp/assetview/info/220422.html", refsource: "MISC", url: "https://www.hammock.jp/assetview/info/220422.html", }, { name: "https://jvn.jp/en/jp/JVN54857505/index.html", refsource: "MISC", url: "https://jvn.jp/en/jp/JVN54857505/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2022-28719", datePublished: "2022-04-28T08:25:12", dateReserved: "2022-04-14T00:00:00", dateUpdated: "2024-08-03T06:03:52.606Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }