Published:2024/05/15  Last Updated:2024/05/15
      
JVNVU#95350607
Multiple vulnerabilities in Field Logic DataCube

      Overview
DataCube provided by Field Logic Inc. contains multiple vulnerabilities.
Products Affected
- DataCube3 all versions
- DataCube4 versions prior to 1.0.1.50
Description
DataCube provided by Field Logic Inc. contains multiple vulnerabilities listed below.
- Direct Request ('Forced Browsing') (CWE-425)
	- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 7.5
	- CVE-2024-25830
- Reflected cross-site scripting (CWE-79)
	- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1
	- CVE-2024-25831
- Unrestricted upload of file with dangerous type (CWE-434)
	- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
	- CVE-2024-25832
- SQL injection (CWE-89)
	- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
	- CVE-2024-25833
Impact
- An unauthenticated attacker may obtain the root and admin password (CVE-2024-25830)
- When an authenticated user accesses a malicious web page, an arbitrary script may be executed in the user's web browser (CVE-2024-25831)
- An authenticated malicious actor may upload a file of dangerous type, resulting in code execution (CVE-2024-25832)
- An unauthenticated attacker may execute an arbitrary SQL query (CVE-2024-25833)
Solution
Contact vendor
Contact the vendor to get information on the affected products and mitigation.
Vendor Status
| Vendor | Link |
| --- | --- |
| Field Logic Inc. | Alert on vulnerabilities in DataCube3 and DataCube4 (Text in Japanese) |
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2024-25830, CVE-2024-25831, CVE-2024-25832, CVE-2024-25833
Thomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2024-25832
CV3TR4CK reported this vulnerability to JPCERT/CC during the coordination based on the above report.
