CVE-2022-36344

EPSS 0.71%
Veröffentlicht 16.08.2022 08:15:09
Zuletzt bearbeitet 21.11.2024 07:12:49
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Justsystems ≫ Atok Medical 2 SwPlatformwindows

Justsystems ≫ Atok Medical 3 SwPlatformwindows

Justsystems ≫ Atok Pro 3 SwPlatformwindows

Justsystems ≫ Atok Pro 4 SwPlatformwindows

Justsystems ≫ Atok Pro 5 SwPlatformwindows

Justsystems ≫ Hanako Police 5

Justsystems ≫ Hanako Police 6

Justsystems ≫ Hanako Police 7

Justsystems ≫ Hanako Pro 3

Justsystems ≫ Hanako Pro 4

Justsystems ≫ Hanako Pro 5

Justsystems ≫ Homepage Builder 20

Justsystems ≫ Homepage Builder 21

Justsystems ≫ Homepage Builder 22

Justsystems ≫ Ichitaro Government 10

Justsystems ≫ Ichitaro Government 8 Version-

Justsystems ≫ Ichitaro Government 9

Justsystems ≫ Ichitaro Pro 3

Justsystems ≫ Ichitaro Pro 4

Justsystems ≫ Ichitaro Pro 5

Justsystems ≫ Just Calc 3

Justsystems ≫ Just Calc 4

Justsystems ≫ Just Calc 5

Justsystems ≫ Just Focus 3

Justsystems ≫ Just Focus 4

Justsystems ≫ Just Frontier 3

Justsystems ≫ Just Government 2

Justsystems ≫ Just Government 3

Justsystems ≫ Just Government 4

Justsystems ≫ Just Government 5

Justsystems ≫ Just Jump 8

Justsystems ≫ Just Jump Class

Justsystems ≫ Just Jump Class 2

Justsystems ≫ Just Medical 2

Justsystems ≫ Just Medical 3

Justsystems ≫ Just Medical 4

Justsystems ≫ Just Medical 5

Justsystems ≫ Just Note 3

Justsystems ≫ Just Note 4

Justsystems ≫ Just Note 5

Justsystems ≫ Just Office 2

Justsystems ≫ Just Office 3

Justsystems ≫ Just Office 4

Justsystems ≫ Just Office 5

Justsystems ≫ Just Pdf 3

Justsystems ≫ Just Pdf 4

Justsystems ≫ Just Pdf 5

Justsystems ≫ Just Pdf 5 SwEditionpro

Justsystems ≫ Just Police 2

Justsystems ≫ Just Police 3

Justsystems ≫ Just Police 4

Justsystems ≫ Just Police 5

Justsystems ≫ Just School 6

Justsystems ≫ Just School 7

Justsystems ≫ Just Smile 6

Justsystems ≫ Just Smile 7

Justsystems ≫ Just Smile 8

Justsystems ≫ Just Smile Class 2

Justsystems ≫ Shuriken Pro 6

Justsystems ≫ Shuriken Pro 7

Justsystems ≫ Tri-de Dataprotect

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.71%	0.714

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://jvn.jp/en/jp/JVN57073973/index.html

Third Party Advisory

https://www.justsystems.com/jp/corporate/info/js22001.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-36344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-36344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-36344

EUVD