CVE-2018-0624

EPSS 0.31%
Veröffentlicht 07.09.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:38:36
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yayoi-kk ≫ Aoiro Shinkoku Version <= 23.1.1

Yayoi-kk ≫ Hanbai Version <= 20.0.2

Yayoi-kk ≫ Kaikei Version <= 23.1.1

Yayoi-kk ≫ Kokyaku Kanri Version <= 11.0.2

Yayoi-kk ≫ Kyuuyo Version <= 20.1.4

Yayoi-kk ≫ Kyuuyo Keisan Version <= 20.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.533

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://jvn.jp/en/jp/JVN06813756/index.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-0624

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0624

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0624

EUVD