← Zuruck zu CVEs
CVE-2022-36344
CRITICAL9.8
Beschreibung
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/16/2022
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
justsystems:atok_medical_2justsystems:atok_medical_3justsystems:atok_pro_3justsystems:atok_pro_4justsystems:atok_pro_5justsystems:hanako_police_5justsystems:hanako_police_6justsystems:hanako_police_7justsystems:hanako_pro_3justsystems:hanako_pro_4justsystems:hanako_pro_5justsystems:homepage_builder_20justsystems:homepage_builder_21justsystems:homepage_builder_22justsystems:ichitaro_government_10justsystems:ichitaro_government_8justsystems:ichitaro_government_9justsystems:ichitaro_pro_3justsystems:ichitaro_pro_4justsystems:ichitaro_pro_5justsystems:just_calc_3justsystems:just_calc_4justsystems:just_calc_5justsystems:just_focus_3justsystems:just_focus_4justsystems:just_frontier_3justsystems:just_government_2justsystems:just_government_3justsystems:just_government_4justsystems:just_government_5justsystems:just_jump_8justsystems:just_jump_classjustsystems:just_jump_class_2justsystems:just_medical_2justsystems:just_medical_3justsystems:just_medical_4justsystems:just_medical_5justsystems:just_note_3justsystems:just_note_4justsystems:just_note_5justsystems:just_office_2justsystems:just_office_3justsystems:just_office_4justsystems:just_office_5justsystems:just_pdf_3justsystems:just_pdf_4justsystems:just_pdf_5justsystems:just_police_2justsystems:just_police_3justsystems:just_police_4justsystems:just_police_5justsystems:just_school_6justsystems:just_school_7justsystems:just_smile_6justsystems:just_smile_7justsystems:just_smile_8justsystems:just_smile_class_2justsystems:shuriken_pro_6justsystems:shuriken_pro_7justsystems:tri-de_dataprotect
Schwachen (CWE)
CWE-428
Referenzen
https://jvn.jp/en/jp/JVN57073973/index.html(vultures@jpcert.or.jp)
https://www.justsystems.com/jp/corporate/info/js22001.html(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN57073973/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.justsystems.com/jp/corporate/info/js22001.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.