7.8

CVE-2017-2154

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JustsystemsHanako Version2015
JustsystemsHanako Version2016
JustsystemsHanako Version2017
JustsystemsHanako Version2017 SwEditiontrial_version
JustsystemsHanako Police Version5
JustsystemsHanako Pro Version3
JustsystemsJust Frontier Version3
JustsystemsJust Office Version3 SwEditioneco_print_pack
JustsystemsJust Office Version3 SwEditionstandard
JustsystemsJust Office Version3 SwEditiontri-de_dataprotect_pack
JustsystemsJust Police Version3
JustsystemsJust School Version6
JustsystemsJust School Version6 SwEditionpremium
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.504
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://jvn.jp/en/jp/JVN54268888/index.html
Third Party Advisory
VDB Entry