CVE-2024-41995

Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0 and TLS1.1 vulnerabilities. As for the specific products/models/versions of MFPs and printers that contain JavaTM Platform, see the information provided by the vendor.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2024-000010
https://jvn.jp/en/jp/JVN78728294/
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000010

Configurations

No configuration.

History

24 Mar 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-1188

06 Aug 2024, 14:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) La inicialización de un recurso con una vulnerabilidad predeterminada insegura existe en JavaTM Platform versión 12.89 y versiones anteriores. Si se aprovecha esta vulnerabilidad, el producto puede verse afectado por algunas vulnerabilidades conocidas de TLS1.0 y TLS1.1. En cuanto a los productos/modelos/versiones específicos de impresoras multifunción y que contienen la plataforma JavaTM, consulte la información proporcionada por el proveedor.

06 Aug 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-06 07:15

Updated : 2025-03-24 18:15

NVD link : CVE-2024-41995

Mitre link : CVE-2024-41995

CVE.ORG link : CVE-2024-41995

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Insecure Default Initialization of Resource

7.5 /10