CVE-2024-41995

Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010
https://jvn.jp/en/jp/JVN78728294/
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010

Configurations

No configuration.

History

24 Mar 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-1188

Information

Published : 2024-08-06 07:15

Updated : 2025-03-24 18:15

NVD link : CVE-2024-41995

Mitre link : CVE-2024-41995

CVE.ORG link : CVE-2024-41995

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

7.5 /10