sakailms CVE 脆弱性と CVE 一覧(4)

製品(CPE): — CVE 件数: 4

sakailms 脆弱性概要

sakailms 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk cross-site scripting and パス処理の欠陥 などに関し、一部は vendor impact session compromise を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 14 / 4 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-33402 Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles and descriptions that contain this info. [email protected] 1.3 0.19% 2026-03-26 2026-06-17
CVE-2025-62710 Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest [email protected] 5.9 0.17% 2025-10-22 2026-06-17
CVE-2024-47876 Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability. [email protected] 8.7 0.55% 2024-10-15 2026-06-17
CVE-2019-16148 Sakai through 12.6 allows XSS via a chat user name. [email protected] 6.1 0.83% 2019-09-09 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence