Search criteria
1 vulnerability by WPS Office Software
CVE-2022-25943 (GCVE-0-2022-25943)
Vulnerability from cvelistv5 – Published: 2022-03-09 04:45 – Updated: 2024-08-03 04:49
VLAI
Summary
The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed.
Severity
No CVSS data available.
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.wps.com/whatsnew/pc/20210806/ | x_refsource_CONFIRM |
| https://jvn.jp/en/vu/JVNVU90673830/ | third-party-advisoryx_refsource_JVN |
| https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WPS Office Software | WPS Office for Windows |
Affected:
versions prior to v11.2.0.10258
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WPS Office for Windows",
"vendor": "WPS Office Software",
"versions": [
{
"status": "affected",
"version": "versions prior to v11.2.0.10258"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T04:45:13.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WPS Office for Windows",
"version": {
"version_data": [
{
"version_value": "versions prior to v11.2.0.10258"
}
]
}
}
]
},
"vendor_name": "WPS Office Software"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wps.com/whatsnew/pc/20210806/",
"refsource": "CONFIRM",
"url": "https://www.wps.com/whatsnew/pc/20210806/"
},
{
"name": "JVNVU#90673830: Installer of WPS Office for Windows misconfigures the ACL for the installation directory",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU90673830/"
},
{
"name": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE",
"refsource": "MISC",
"url": "https://github.com/HadiMed/KINGSOFT-WPS-Office-LPE"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25943",
"datePublished": "2022-03-09T04:45:13.000Z",
"dateReserved": "2022-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:49:44.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}