This page aggregates CVEs and security vulnerability information across bund-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include cross-site scripting and input validation; in software deployment and production workload settings, these can lead to risks such as unexpected behavior and session compromise.
The listed data is based on public vulnerability information and security advisories and can be used to assess historical exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-3034 | Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44 | [email protected] | 4.7 | 0.31% | 2023-06-28 | 2024-11-21 |
| CVE-2022-42982 | BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable. | [email protected] | 7.5 | 0.66% | 2022-11-17 | 2025-04-30 |
| CVE-2022-33172 | de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | [email protected] | 5.5 | 0.21% | 2022-08-24 | 2024-11-21 |