Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by MOTEX Inc.
CVE-2026-25785 (GCVE-0-2026-25785)
Vulnerability from nvd – Published: 2026-02-25 06:01 – Updated: 2026-02-25 21:15
VLAI
Summary
Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) Sub-Manager Server |
Affected:
Ver.9.4.7.3 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:15:03.012255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:15:15.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) Sub-Manager Server",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T06:01:05.327Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2026/release260225/"
},
{
"url": "https://jvn.jp/en/jp/JVN79096585/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25785",
"datePublished": "2026-02-25T06:01:05.327Z",
"dateReserved": "2026-02-16T01:44:58.906Z",
"dateUpdated": "2026-02-25T21:15:15.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61932 (GCVE-0-2025-61932)
Vulnerability from nvd – Published: 2025-10-20 07:25 – Updated: 2026-02-26 16:57Summary
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) |
Affected:
Ver.9.4.7.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61932",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T03:55:30.675620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:23.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "Improper Verification of Source of a Communication Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T07:25:39.916Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2025/release251020/"
},
{
"url": "https://jvn.jp/en/jp/JVN86318557/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61932",
"datePublished": "2025-10-20T07:25:39.916Z",
"dateReserved": "2025-10-06T02:24:53.875Z",
"dateUpdated": "2026-02-26T16:57:23.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from nvd – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2026-000026
Vulnerability from jvndb - Published: 2026-02-25 15:14 - Updated:2026-02-25 15:14
Severity
Summary
Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal
Details
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
- Path traversal (CWE-22) - CVE-2026-25785
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000026.html",
"dc:date": "2026-02-25T15:14+09:00",
"dcterms:issued": "2026-02-25T15:14+09:00",
"dcterms:modified": "2026-02-25T15:14+09:00",
"description": "Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/22.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003ePath traversal (CWE-22) - CVE-2026-25785\u003c/li\u003e\u003c/ul\u003eThe following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc. reported the case to IPA in order to notify users of the solution through JVN.\r\nReporter: Kazuki Furukawa, Yuma Taki, Kota Takeda, Ippei Kakurai, Masaaki Chida, Denis Faiustov of GMO Cybersecurity by Ierae, Inc.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000026.html",
"sec:cpe": {
"#text": "cpe:/a:motex:lanscope_endpoint_manager_on-premises_edition",
"@product": "LANSCOPE Endpoint Manager On-Premises Edition",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000026",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN79096585/index.html",
"@id": "JVN#79096585",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-25785",
"@id": "CVE-2026-25785",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal"
}
JVNDB-2025-000088
Vulnerability from jvndb - Published: 2025-10-20 16:17 - Updated:2025-10-22 10:06
Severity
Summary
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Details
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
- Improper verification of source of a communication channel (CWE-940) - CVE-2025-61932
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000088.html",
"dc:date": "2025-10-22T10:06+09:00",
"dcterms:issued": "2025-10-20T16:17+09:00",
"dcterms:modified": "2025-10-22T10:06+09:00",
"description": "Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eImproper verification of source of a communication channel (CWE-940) - CVE-2025-61932\u003c/li\u003e\u003c/ul\u003e\r\nMOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and MOTEX Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000088.html",
"sec:cpe": {
"#text": "cpe:/a:motex:lanscope_endpoint_manager_on-premises_edition",
"@product": "LANSCOPE Endpoint Manager On-Premises Edition",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000088",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN86318557/index.html",
"@id": "JVN#86318557",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-61932",
"@id": "CVE-2025-61932",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel"
}
JVNDB-2024-000095
Vulnerability from jvndb - Published: 2024-09-09 16:40 - Updated:2024-09-09 16:40
Severity
Summary
Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery
Details
Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).
Yoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"dc:date": "2024-09-09T16:40+09:00",
"dcterms:issued": "2024-09-09T16:40+09:00",
"dcterms:modified": "2024-09-09T16:40+09:00",
"description": "Multiple Alps System Integration products and the OEM products contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYoshiaki komeyama of KOBELCO SYSTEMS CORPORATION reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000095.html",
"sec:cpe": [
{
"#text": "cpe:/a:hammock:assetview_f",
"@product": "AssetView F",
"@vendor": "Hammock Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_cats",
"@product": "InterSafe CATS",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_gatewayconnection",
"@product": "InterSafe GatewayConnection",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_logdirector",
"@product": "InterSafe LogDirector",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_lognavigator",
"@product": "InterSafe LogNavigator",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_mobilesecurity",
"@product": "InterSafe MobileSecurity",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:alps_system_integration_intersafe_webfilter",
"@product": "InterSafe WebFilter",
"@vendor": "Alps System Integration Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_bizbrower",
"@product": "SPPM BizBrowser",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:axseed_sppm_secure_filtering",
"@product": "SPPM Secure Filtering",
"@vendor": "AXSEED,Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:jmas_kaito_secure_browser",
"@product": "KAITO Secure Browser",
"@vendor": "JMA Systems Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:mjs_mjs_web_filtering",
"@product": "MJS Web Filtering",
"@vendor": "MIROKU JYOHO SERVICE CO., LTD. (MJS)",
"@version": "2.2"
},
{
"#text": "cpe:/a:motex:lanscope_endpoint_manager_web_filtering",
"@product": "LANSCOPE Endpoint Manager Web Filtering",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:qualitysoft:url_filtering",
"@product": "URL Filtering",
"@vendor": "QualitySoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:trendmicro:interscan_webmanager",
"@product": "InterScan WebManager",
"@vendor": "Trend Micro, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN05579230/index.html",
"@id": "JVN#05579230",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45504",
"@id": "CVE-2024-45504",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Alps System Integration products and the OEM products vulnerable to cross-site request forgery"
}
JVNDB-2019-000072
Vulnerability from jvndb - Published: 2019-12-03 13:34 - Updated:2019-12-03 13:34
Severity
Summary
Multiple MOTEX products vulnerable to privilege escalation
Details
LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability.
Mitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000072.html",
"dc:date": "2019-12-03T13:34+09:00",
"dcterms:issued": "2019-12-03T13:34+09:00",
"dcterms:modified": "2019-12-03T13:34+09:00",
"description": "LanScope Cat and LanScope An provided by MOTEX Inc. contain a privilege escalation vulnerability.\r\n\r\nMitsuaki (Mitch) Shiraishi of Secureworks Japan and Yoshimasa Obana reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000072.html",
"sec:cpe": [
{
"#text": "cpe:/a:motex:lanscope_an",
"@product": "LanScope An",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:motex:lanscope_cat",
"@product": "LanScope Cat",
"@vendor": "MOTEX Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000072",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN49068796/index.html",
"@id": "JVN#49068796",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6026",
"@id": "CVE-2019-6026",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-6026",
"@id": "CVE-2019-6026",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple MOTEX products vulnerable to privilege escalation"
}
CVE-2026-25785 (GCVE-0-2026-25785)
Vulnerability from cvelistv5 – Published: 2026-02-25 06:01 – Updated: 2026-02-25 21:15
VLAI
Summary
Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper limitation of a pathname to a restricted directory ('Path Traversal')
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) Sub-Manager Server |
Affected:
Ver.9.4.7.3 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T21:15:03.012255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T21:15:15.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) Sub-Manager Server",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T06:01:05.327Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2026/release260225/"
},
{
"url": "https://jvn.jp/en/jp/JVN79096585/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25785",
"datePublished": "2026-02-25T06:01:05.327Z",
"dateReserved": "2026-02-16T01:44:58.906Z",
"dateUpdated": "2026-02-25T21:15:15.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61932 (GCVE-0-2025-61932)
Vulnerability from cvelistv5 – Published: 2025-10-20 07:25 – Updated: 2026-02-26 16:57Summary
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MOTEX Inc. | Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) |
Affected:
Ver.9.4.7.1 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61932",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T03:55:30.675620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:23.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "Ver.9.4.7.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-940",
"description": "Improper Verification of Source of a Communication Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T07:25:39.916Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.motex.co.jp/news/notice/2025/release251020/"
},
{
"url": "https://jvn.jp/en/jp/JVN86318557/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-61932",
"datePublished": "2025-10-20T07:25:39.916Z",
"dateReserved": "2025-10-06T02:24:53.875Z",
"dateUpdated": "2026-02-26T16:57:23.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45504 (GCVE-0-2024-45504)
Vulnerability from cvelistv5 – Published: 2024-09-10 04:35 – Updated: 2024-11-04 20:53
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site request forgery (CSRF)
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Alps System Integration Co., Ltd. | InterSafe WebFilter |
Affected:
prior to V9.1SP4 Build1653
|
|
| Alps System Integration Co., Ltd. | InterSafe LogDirector |
Affected:
versions before the replacement file released on 2024 September 9
|
|
| Alps System Integration Co., Ltd. | InterSafe GatewayConnection |
Affected:
versions before 2024 July 20 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe LogNavigator |
Affected:
prior to Ver.1.1.1
|
|
| Alps System Integration Co., Ltd. | InterSafe CATS |
Affected:
versions before 2024 July 4 maintenance
|
|
| Alps System Integration Co., Ltd. | InterSafe MobileSecurity |
Affected:
versions before 2024 August 31 maintenance
|
|
| Trend Micro Incorporated | InterScan WebManager |
Affected:
9.0
Affected: 9.0 Service Pack 1 Affected: 9.1 Affected: 9.1 Service Pack 1 Affected: 9.1 Service Pack 2 Affected: 9.1 Service Pack 3 Affected: and 9.1 Service Pack 4 |
|
| MIROKU JYOHO SERVICE CO., LTD. | MJS WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| Hammock Corporation | AssetView F |
Affected:
versions before 2024 July 4 maintenance
|
|
| MOTEX Inc. | LANSCOPE EndpointManager WebFiltering |
Affected:
versions before 2024 July 4 maintenance
|
|
| AXSEED,Inc. | SPPM BizBrowser |
Affected:
versions before 2024 June 18 maintenance
|
|
| AXSEED,Inc. | SPPM Secure Filtering |
Affected:
versions before 2024 July 20 maintenance
|
|
| QualitySoft Corporation | URL Filtering |
Affected:
versions before 2024 July 4 maintenance
|
|
| JMA Systems Corporation | KAITO SecureBrowser |
Affected:
versions before 2024 July 4 maintenance
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:45:48.117386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:53:34.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InterSafe WebFilter",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to V9.1SP4 Build1653"
}
]
},
{
"product": "InterSafe LogDirector",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before the replacement file released on 2024 September 9"
}
]
},
{
"product": "InterSafe GatewayConnection",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "InterSafe LogNavigator",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.1.1.1"
}
]
},
{
"product": "InterSafe CATS",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "InterSafe MobileSecurity",
"vendor": "Alps System Integration Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 August 31 maintenance"
}
]
},
{
"product": "InterScan WebManager",
"vendor": "Trend Micro Incorporated",
"versions": [
{
"status": "affected",
"version": "9.0"
},
{
"status": "affected",
"version": "9.0 Service Pack 1"
},
{
"status": "affected",
"version": "9.1"
},
{
"status": "affected",
"version": "9.1 Service Pack 1"
},
{
"status": "affected",
"version": "9.1 Service Pack 2"
},
{
"status": "affected",
"version": "9.1 Service Pack 3"
},
{
"status": "affected",
"version": "and 9.1 Service Pack 4"
}
]
},
{
"product": "MJS WebFiltering",
"vendor": "MIROKU JYOHO SERVICE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "AssetView F",
"vendor": "Hammock Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "LANSCOPE EndpointManager WebFiltering",
"vendor": "MOTEX Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "SPPM BizBrowser",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 June 18 maintenance"
}
]
},
{
"product": "SPPM Secure Filtering",
"vendor": "AXSEED,Inc.",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 20 maintenance"
}
]
},
{
"product": "URL Filtering",
"vendor": "QualitySoft Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
},
{
"product": "KAITO SecureBrowser",
"vendor": "JMA Systems Corporation",
"versions": [
{
"status": "affected",
"version": "versions before 2024 July 4 maintenance"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery (CSRF)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T04:35:19.457Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://alsifaq.dga.jp/faq_detail.html?id=6494"
},
{
"url": "https://success.trendmicro.com/ja-JP/solution/KA-0017618"
},
{
"url": "https://www.motex.co.jp/news/notice/2024/release240909/"
},
{
"url": "https://jvn.jp/en/jp/JVN05579230/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45504",
"datePublished": "2024-09-10T04:35:19.457Z",
"dateReserved": "2024-08-30T14:44:59.684Z",
"dateUpdated": "2024-11-04T20:53:34.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}