JVN#12770174
RICOH Streamline NX vulnerable to improper authorization
Overview
RICOH Streamline NX provided by Ricoh Company, Ltd. contains an improper authorization vulnerability.
Products Affected
- RICOH Streamline NX 3.5.1 to 24R3
Description
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
- Improper authorization (CWE-639)
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 8.2
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 5.9
- CVE-2026-21409
- This analysis assumes a man-in-the-middle attack is conducted on the communication between the affected product and its user
Impact
If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information and/or OIDC (OpenID Connect) tokens may be retrieved.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Apply the Workaround
The developer recommends to apply the workaround until the affected product is updated.
For more details, refer to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Ricoh Company, Ltd. reported this vulnerability to IPA to notify the users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-21409 |
| JVN iPedia |
JVNDB-2026-000003 |