Yuuta Watanabe

Researcher fromSTNet, Incorporated
#6087of 53,632
44.6Total CVSS
Vulnerabilities · 6
Medium
3
High
2
Critical
1
PT-2020-11187
9.0
2020-01-06
An · Analyzer · CVE-2019-5987
**Name of the Vulnerable Software and Affected Versions** An-Analyzer versions prior to the version released after June 24, 2019 **Description** The issue allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. **Recommendations** For An-Analyzer versions prior to the version released after June 24, 2019, update to a version released after June 24, 2019 to resolve the issue. As a temporary workaround, consider restricting access to the Management Page to minimize the risk of exploitation.
PT-2020-11188
6.1
2020-01-06
Analyzer · Analyzer · CVE-2019-5988
**Name of the Vulnerable Software and Affected Versions** An-Analyzer versions prior to the version released after 2019 June 24 **Description** A stored cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the Management Page. This could potentially lead to the execution of malicious scripts on the client-side. **Recommendations** For versions prior to the version released after 2019 June 24, consider restricting access to the Management Page until a fix is available. As a temporary workaround, avoid using the Management Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2020-11189
6.1
2020-01-06
Analyzer · Analyzer · CVE-2019-5989
**Name of the Vulnerable Software and Affected Versions** An-Analyzer versions prior to the version released after 2019 June 24 **Description** A DOM-based cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page. **Recommendations** For An-Analyzer versions prior to the version released after 2019 June 24, update to a version released after 2019 June 24 to resolve the issue.
PT-2020-11190
7.5
2020-01-06
Analyzer · Analyzer · CVE-2019-5990
**Name of the Vulnerable Software and Affected Versions** An-Analyzer versions prior to the version released after June 24, 2019 **Description** The issue allows remote attackers to obtain a login password via the HTTP referer. **Recommendations** For An-Analyzer versions prior to the version released after June 24, 2019, update to a version released after June 24, 2019 to resolve the issue.
PT-2018-9022
6.1
2018-11-15
Metabase · Metabase · CVE-2018-0697
**Name of the Vulnerable Software and Affected Versions** Metabase versions 0.29.3 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Metabase versions 0.29.3 and earlier, update to a version later than 0.29.3 to resolve the issue.
PT-2017-11592
9.8
2017-12-01
Unknown · A-Member For Mt · CVE-2017-10898
**Name of the Vulnerable Software and Affected Versions** A-Member and A-Member for MT cloud versions 3.8.6 and earlier **Description** The issue allows an attacker to execute arbitrary SQL commands via unspecified vectors. This can potentially lead to unauthorized access and manipulation of sensitive data. **Recommendations** For versions 3.8.6 and earlier, update to a version later than 3.8.6 to resolve the issue.