Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by DREAM TRAIN INTERNET INC.
CVE-2024-39886 (GCVE-0-2024-39886)
Vulnerability from cvelistv5 – Published: 2024-07-10 06:41 – Updated: 2024-08-02 04:33
VLAI
Summary
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Unprotected Primary Channel
- CWE-419 - Unprotected Primary Channel
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DREAM TRAIN INTERNET INC. | TONE store App |
Affected:
version 3.4.2 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:40:10.688127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419 Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:41:01.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:10.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tone.ne.jp/vulnerability/14492007.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28515217/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TONE store App",
"vendor": "DREAM TRAIN INTERNET INC.",
"versions": [
{
"status": "affected",
"version": "version 3.4.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unprotected Primary Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T06:41:46.185Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://tone.ne.jp/vulnerability/14492007.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28515217/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39886",
"datePublished": "2024-07-10T06:41:46.185Z",
"dateReserved": "2024-07-02T05:24:02.497Z",
"dateUpdated": "2024-08-02T04:33:10.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39886 (GCVE-0-2024-39886)
Vulnerability from nvd – Published: 2024-07-10 06:41 – Updated: 2024-08-02 04:33
VLAI
Summary
TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Unprotected Primary Channel
- CWE-419 - Unprotected Primary Channel
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| DREAM TRAIN INTERNET INC. | TONE store App |
Affected:
version 3.4.2 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:40:10.688127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419 Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:41:01.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:10.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tone.ne.jp/vulnerability/14492007.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN28515217/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TONE store App",
"vendor": "DREAM TRAIN INTERNET INC.",
"versions": [
{
"status": "affected",
"version": "version 3.4.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unprotected Primary Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T06:41:46.185Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://tone.ne.jp/vulnerability/14492007.html"
},
{
"url": "https://jvn.jp/en/jp/JVN28515217/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39886",
"datePublished": "2024-07-10T06:41:46.185Z",
"dateReserved": "2024-07-02T05:24:02.497Z",
"dateUpdated": "2024-08-02T04:33:10.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000069
Vulnerability from jvndb - Published: 2024-07-08 13:43 - Updated:2024-07-08 13:43
Severity
Summary
Cleartext transmission issue in TONE store App to TONE store
Details
TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website (CWE-419).
Kodai Karakawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000069.html",
"dc:date": "2024-07-08T13:43+09:00",
"dcterms:issued": "2024-07-08T13:43+09:00",
"dcterms:modified": "2024-07-08T13:43+09:00",
"description": "TONE store App provided by DREAM TRAIN INTERNET INC. contains a cleartext transmission issue to TONE store website (CWE-419).\r\n\r\nKodai Karakawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000069.html",
"sec:cpe": {
"#text": "cpe:/a:misc:dream_train_internet_tone_store_application",
"@product": "TONE Store Application",
"@vendor": "DREAM TRAIN INTERNET INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "3.7",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000069",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN28515217/index.html",
"@id": "JVN#28515217",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39886",
"@id": "CVE-2024-39886",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cleartext transmission issue in TONE store App to TONE store"
}
JVNDB-2023-000036
Vulnerability from jvndb - Published: 2023-04-17 14:04 - Updated:2023-04-17 14:04
Severity
Summary
API server of TONE Family vulnerable to authentication bypass using an alternate path
Details
API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path (CWE-288).
Kodai Karakawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000036.html",
"dc:date": "2023-04-17T14:04+09:00",
"dcterms:issued": "2023-04-17T14:04+09:00",
"dcterms:modified": "2023-04-17T14:04+09:00",
"description": "API server of TONE Family provided by DREAM TRAIN INTERNET INC. contains an authentication bypass vulnerability using an alternate path (CWE-288).\r\n\r\nKodai Karakawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000036.html",
"sec:cpe": {
"#text": "cpe:/a:misc:dream_train_internet_tone_family",
"@product": "TONE FAMILY",
"@vendor": "DREAM TRAIN INTERNET INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000036",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN14492006/index.html",
"@id": "JVN#14492006",
"@source": "JVN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "API server of TONE Family vulnerable to authentication bypass using an alternate path"
}