{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31394", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-04-03T02:24:22.988Z", "datePublished": "2024-05-22T04:35:31.768Z", "dateUpdated": "2025-03-27T15:03:43.986Z"}, "containers": {"cna": {"affected": [{"vendor": "appleple inc.", "product": "a-blog cms Ver.3.1.x series", "versions": [{"version": "prior to Ver.3.1.12", "status": "affected"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.3.0.x series", "versions": [{"version": "prior to Ver.3.0.32", "status": "affected"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.2.11.x series", "versions": [{"version": "prior to Ver.2.11.61", "status": "affected"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.2.10.x series", "versions": [{"version": "prior to Ver.2.10.53", "status": "affected"}]}, {"vendor": "appleple inc.", "product": "a-blog cms", "versions": [{"version": "Ver.2.9 and earlier ", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."}], "problemTypes": [{"descriptions": [{"description": "Directory traversal", "lang": "en", "type": "text"}]}], "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"}, {"url": "https://jvn.jp/en/jp/JVN70977403/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-22T04:35:31.768Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-22T17:10:48.613952Z", "id": "CVE-2024-31394", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T15:03:43.986Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.577Z"}, "title": "CVE Program Container", "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN70977403/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN70977403/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:52:56.577Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-31394", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-22T17:10:48.613952Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T17:10:55.350Z"}}], "cna": {"affected": [{"vendor": "appleple inc.", "product": "a-blog cms Ver.3.1.x series", "versions": [{"status": "affected", "version": "prior to Ver.3.1.12"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.3.0.x series", "versions": [{"status": "affected", "version": "prior to Ver.3.0.32"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.2.11.x series", "versions": [{"status": "affected", "version": "prior to Ver.2.11.61"}]}, {"vendor": "appleple inc.", "product": "a-blog cms Ver.2.10.x series", "versions": [{"status": "affected", "version": "prior to Ver.2.10.53"}]}, {"vendor": "appleple inc.", "product": "a-blog cms", "versions": [{"status": "affected", "version": "Ver.2.9 and earlier "}]}], "references": [{"url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"}, {"url": "https://jvn.jp/en/jp/JVN70977403/"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Directory traversal"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-05-22T04:35:31.768Z"}}}, "cveMetadata": {"cveId": "CVE-2024-31394", "state": "PUBLISHED", "dateUpdated": "2025-03-27T15:03:43.986Z", "dateReserved": "2024-04-03T02:24:22.988Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-05-22T04:35:31.768Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "49BBE24F-A0EA-49F6-B2C2-732AF0DA0F87", "versionEndExcluding": "2.10.53", "vulnerable": true}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "38B5399B-4410-471F-AC10-82E4946957F0", "versionEndExcluding": "2.11.61", "versionStartIncluding": "2.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5CDA3C7-736D-4E64-B2E0-7C45C702DF32", "versionEndExcluding": "3.0.32", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "358CC9AE-9361-45BA-B28D-1AE64536FA46", "versionEndExcluding": "3.1.12", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server."}, {"lang": "es", "value": "La vulnerabilidad de Directory traversal existe en las versiones de la serie a-blog cms Ver.3.1.x anteriores a la Ver.3.1.12, versiones de la serie Ver.3.0.x anteriores a la Ver.3.0.32, versiones de la serie Ver.2.11.x anteriores a la Ver. 2.11.61, versiones de la serie Ver.2.10.x anteriores a la Ver.2.10.53 y Ver.2.9 y versiones anteriores. Si se explota esta vulnerabilidad, un usuario con un editor o un privilegio superior que pueda iniciar sesi\u00f3n en el producto puede obtener archivos arbitrarios en el servidor."}], "id": "CVE-2024-31394", "lastModified": "2025-05-12T14:23:14.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-22T05:15:53.053", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN70977403/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://developer.a-blogcms.jp/blog/news/JVN-70977403.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN70977403/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}