datev 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-33387 | A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link. | [email protected] | 6.1 | 0.63% | 2023-06-22 | 2024-11-21 |
| CVE-2011-5158 | Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DATEV Grundpaket Basis CD23.20 allow local users to gain privileges via a Trojan horse (1) DVBSKNLANG101.dll or (2) DvZediTermSrvInfo004.dll file in the current working directory, as demonstrated by a directory that contains a .dmt, .adl, .c02, .dof, or .jrf file. NOTE: some of these details are obtained from third party information. | [email protected] | 9.3 | 0.37% | 2012-09-07 | 2026-04-29 |
| CVE-2010-0689 | The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors. | [email protected] | 10.0 | 6.30% | 2010-02-26 | 2026-04-29 |
| CVE-2003-1169 | DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle. | [email protected] | 4.6 | 0.26% | 2003-12-31 | 2026-04-16 |