7.6

CVE-2014-2003

JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JustsystemsIchitaro Version <= 2014
JustsystemsIchitaro Version10
JustsystemsIchitaro Version11
JustsystemsIchitaro Version12
JustsystemsIchitaro Version13
JustsystemsIchitaro Version2004
JustsystemsIchitaro Version2005
JustsystemsIchitaro Version2006
JustsystemsIchitaro Version2006 Update- Editiongovernment
JustsystemsIchitaro Version2007
JustsystemsIchitaro Version2007 Update- Editiongovernment
JustsystemsIchitaro Version2008
JustsystemsIchitaro Version2008 Update- Editiongovernment
JustsystemsIchitaro Version2009
JustsystemsIchitaro Version2009 Update- Editiongovernment
JustsystemsIchitaro Version2009 Update- Editiontrial
JustsystemsIchitaro Version2010
JustsystemsIchitaro Version2010 Update- Editiongovernment
JustsystemsIchitaro Version2011
JustsystemsIchitaro Version2011 Update- Editionsou
JustsystemsIchitaro Version2012 Update- Editionshou
JustsystemsIchitaro Version2013 Update- Editiongen
JustsystemsIchitaro Version2013 Update- Editiongen_trial
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.37% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.