Vulnerabilites related to jscom - revoworks_browser
Vulnerability from fkie_nvd
Published
2021-09-17 02:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jscom.jp/news-20210910_2/ | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN81658818/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jscom.jp/news-20210910_2/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN81658818/index.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jscom | revoworks_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jscom:revoworks_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD279B-E286-4521-AF7D-0F0EDC2193E0",
"versionEndIncluding": "2.1.230",
"versionStartIncluding": "2.1.197",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control inapropiado de la ejecuci\u00f3n de programas en RevoWorks Browser versi\u00f3n 2.1.230 y anteriores, permite a un atacante ejecutar un comando o c\u00f3digo arbitrario por medio de vectores no especificados"
}
],
"id": "CVE-2021-20790",
"lastModified": "2024-11-21T05:47:11.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-17T02:15:06.837",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-17 02:15
Modified
2024-11-21 05:47
Severity ?
Summary
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jscom.jp/news-20210910_2/ | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN81658818/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jscom.jp/news-20210910_2/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN81658818/index.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jscom | revoworks_browser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jscom:revoworks_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0FD279B-E286-4521-AF7D-0F0EDC2193E0",
"versionEndIncluding": "2.1.230",
"versionStartIncluding": "2.1.197",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso inapropiado en RevoWorks Browser versi\u00f3n 2.1.230 y anteriores, permite a un atacante omitir la restricci\u00f3n de acceso e intercambiar archivos no autorizados entre el entorno local y el entorno aislado o la configuraci\u00f3n del navegador web por medio de vectores no especificados"
}
],
"id": "CVE-2021-20791",
"lastModified": "2024-11-21T05:47:11.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-17T02:15:06.930",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 09:15
Modified
2024-11-21 06:55
Severity ?
Summary
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jscom.jp/news-20220527/ | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN27256219/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jscom.jp/news-20220527/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN27256219/index.html | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jscom | revoworks_browser | * | |
| jscom | revoworks_desktop | * | |
| jscom | revoworks_scvx | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jscom:revoworks_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358237CF-83B6-46C7-81C4-A51C34394A30",
"versionEndExcluding": "2.2.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jscom:revoworks_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241261-05E9-4E41-A8B4-A66D952BAE42",
"versionEndExcluding": "2.1.85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jscom:revoworks_scvx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA692E59-1D52-4F52-BCA4-E9A2FED5D219",
"versionEndExcluding": "1.0.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de filtrado incompleto de elementos especiales en RevoWorks SCVX usando \"File Sanitization Library\" versiones 1.043 y anteriores, RevoWorks Browser versiones 2.2.67 y anteriores (cuando es usado \"File Sanitization Option\"), y RevoWorks Desktop versiones 2.1.84 y anteriores (cuando es usado \"File Sanitization Option\"), que puede permitir a un atacante ejecutar una macro maliciosa haciendo que un usuario descargue, importe y abra un archivo especialmente dise\u00f1ado en el entorno local"
}
],
"id": "CVE-2022-27176",
"lastModified": "2024-11-21T06:55:20.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T09:15:09.433",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20220527/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN27256219/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://jscom.jp/news-20220527/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN27256219/index.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-20791
Vulnerability from cvelistv5
Published
2021-09-17 01:40
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jscom.jp/news-20210910_2/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN81658818/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks Browser |
Version: 2.1.230 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.1.230 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T01:40:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RevoWorks Browser",
"version": {
"version_data": [
{
"version_value": "2.1.230 and earlier"
}
]
}
}
]
},
"vendor_name": "J\u2019s Communication Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jscom.jp/news-20210910_2/",
"refsource": "MISC",
"url": "https://jscom.jp/news-20210910_2/"
},
{
"name": "https://jvn.jp/en/jp/JVN81658818/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20791",
"datePublished": "2021-09-17T01:40:25",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20790
Vulnerability from cvelistv5
Published
2021-09-17 01:40
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jscom.jp/news-20210910_2/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN81658818/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks Browser |
Version: 2.1.230 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.1.230 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Process Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T01:40:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RevoWorks Browser",
"version": {
"version_data": [
{
"version_value": "2.1.230 and earlier"
}
]
}
}
]
},
"vendor_name": "J\u2019s Communication Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jscom.jp/news-20210910_2/",
"refsource": "MISC",
"url": "https://jscom.jp/news-20210910_2/"
},
{
"name": "https://jvn.jp/en/jp/JVN81658818/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20790",
"datePublished": "2021-09-17T01:40:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27176
Vulnerability from cvelistv5
Published
2022-06-14 07:05
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jscom.jp/news-20220527/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN27256219/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks SCVX, RevoWorks Browser, and RevoWorks |
Version: RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option') |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jscom.jp/news-20220527/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN27256219/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete Filtering of Special Elements",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T07:05:36",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jscom.jp/news-20220527/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN27256219/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
"version": {
"version_data": [
{
"version_value": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
}
]
}
}
]
},
"vendor_name": "J\u2019s Communication Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete Filtering of Special Elements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jscom.jp/news-20220527/",
"refsource": "MISC",
"url": "https://jscom.jp/news-20220527/"
},
{
"name": "https://jvn.jp/en/jp/JVN27256219/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN27256219/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27176",
"datePublished": "2022-06-14T07:05:36",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T05:25:31.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}