Insecure Default Vulnerability Affects Java Platform Versions 12.89 and Earlier
CVE-2024-41995

7.5HIGH

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Javatm Platform
Vendor: CVE Published:; 6 August 2024

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2024-41995?

An insecure default initialization vulnerability exists in versions of the JavaTM Platform prior to 12.89, which may expose Ricoh printers and multi-function products (MFPs) to known vulnerabilities associated with TLS 1.0 and TLS 1.1. The exploitation of this vulnerability could lead to unauthorized access or data breaches, emphasizing the need for prompt remediation or updates from the vendor.

Affected Version(s)

JavaTM Platform Ver.12.89 and earlier

References

https://www.ricoh.com/products/security/vulnerabilities/v...

https://jp.ricoh.com/security/products/vulnerabilities/vu...

https://jvn.jp/en/jp/JVN78728294/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2024
Vulnerability Reserved
Jul 26, 2024