clavister 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk denial of service があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-8753 | The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack. | [email protected] | 5.9 | 1.63% | 2018-08-15 | 2026-06-16 |
| CVE-2007-3805 | The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. | [email protected] | 5.4 | 0.88% | 2007-07-16 | 2026-06-16 |
| CVE-2007-3804 | The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | [email protected] | 5.0 | 1.95% | 2007-07-16 | 2026-06-16 |
| CVE-2007-3803 | The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | [email protected] | 10.0 | 2.26% | 2007-07-16 | 2026-06-16 |
| CVE-2005-3915 | The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | [email protected] | 7.5 | 2.76% | 2005-11-30 | 2026-06-16 |