CVE-2024-45504
MEDIUM
InterSafe WebFilter < V9.1SP4 Build1653 - Cross-Site Request Forgery
Title source: llm
Description
Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allows a remote unauthenticated attacker to hijack the authentication of the user and to perform unintended operations if the user views a malicious page while logged in.
References (4)
Core References
Various Sources
https://alsifaq.dga.jp/faq_detail.html?id=6494
Various Sources
https://success.trendmicro.com/ja-JP/solution/KA-0017618
Various Sources
https://www.motex.co.jp/news/notice/2024/release240909/
Third Party Advisory
https://jvn.jp/en/jp/JVN05579230/
Scores
CVSS v3
6.5
EPSS
0.0030
EPSS Percentile
21.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (20)
Alps System Integration Co., Ltd./InterSafe CATS
versions before 2024 July 4 maintenance
Alps System Integration Co., Ltd./InterSafe GatewayConnection
versions before 2024 July 20 maintenance
Alps System Integration Co., Ltd./InterSafe LogDirector
versions before the replacement file released on 2024 September 9
Alps System Integration Co., Ltd./InterSafe LogNavigator
prior to Ver.1.1.1
Alps System Integration Co., Ltd./InterSafe MobileSecurity
versions before 2024 August 31 maintenance
Alps System Integration Co., Ltd./InterSafe WebFilter
prior to V9.1SP4 Build1653
AXSEED,Inc./SPPM BizBrowser
versions before 2024 June 18 maintenance
AXSEED,Inc./SPPM Secure Filtering
versions before 2024 July 20 maintenance
Hammock Corporation/AssetView F
versions before 2024 July 4 maintenance
JMA Systems Corporation/KAITO SecureBrowser
versions before 2024 July 4 maintenance
... and 10 more
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026