mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
401 lines
16 KiB
JSON
401 lines
16 KiB
JSON
{
|
|
"id": "CVE-2022-36344",
|
|
"sourceIdentifier": "vultures@jpcert.or.jp",
|
|
"published": "2022-08-16T08:15:09.157",
|
|
"lastModified": "2024-11-21T07:12:49.830",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de ruta de b\u00fasqueda no citada en \"JustSystems JUST Online Update for J-License\" incluido en m\u00faltiples productos para usuarios corporativos como en Ichitaro a trav\u00e9s de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. Los productos afectados est\u00e1n incluidos en las siguientes series de productos: Office y Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump y Tri-De DetaProtect."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-428"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*",
|
|
"matchCriteriaId": "EBEAEFCB-0736-49F7-84BD-28EFDC2A1B51"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*",
|
|
"matchCriteriaId": "CC35F9A9-C574-41F6-92D9-21DF4778FA86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*",
|
|
"matchCriteriaId": "114490A2-2519-4B52-8EBF-3205B43BEFE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*",
|
|
"matchCriteriaId": "C4F9F0F1-D994-49B6-BFB8-1BE988C34A52"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*",
|
|
"matchCriteriaId": "57AF9B76-BF5D-488C-BFD5-579F45FAEC49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "93422705-9E8B-458C-BD72-E82A8A3C0EFF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5FF3254-6391-4794-8B2F-732E670DA678"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7B4854A7-28DA-4672-BEBF-1ECF36D5EB86"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "700BCC03-72E5-47B8-930C-0AECC317A678"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8CB51BFD-02E3-47AF-B7E5-79CE0976C27E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D9A4C395-A976-4F95-94A6-BCE5E8C9CCFD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C65FF377-C51D-4174-95E5-E7160DB1A00D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8DE5C321-5252-45DC-9B10-492064226821"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BBAA0571-93AA-4C4C-8384-813F3210A3F7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C541F4FC-DC18-40C2-AC6E-F75BC2263229"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2DF2A4C2-ACC8-48A3-BAD0-F69039F2146C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FE45593-9017-4672-A9BF-8A1407527357"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6AADBDD8-139A-4BB4-BE7A-A196ECD1A654"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2E219D80-8644-42C8-BB17-FFEBA9C21B9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "255EDA85-DC90-4EA3-AD75-6A6689546CA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7520C861-914D-4A5B-BCAA-915EC8A3AB49"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4B44FE5-FA7A-429E-829D-8665B410B82B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "34657EE8-1D20-442C-9BB8-79629F49E16B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "69D92070-76F9-4C48-AF8E-05EE8217DFB8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1A47BAC-EA81-42ED-942F-C74088122838"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2F2CE912-BD2E-4695-BBA5-896629AA8DF7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E4CBEAD9-4C99-413B-B86A-55F36B215113"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D49902F6-5022-41D7-998E-8576BFD0A6EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "515D8382-6FAC-4C35-9808-A11AAB0D8C11"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18193350-CFAB-4B10-B780-E37850E84B7E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BE561614-8D25-4DB9-A9DC-181CF89E2053"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "805F0FC4-99DE-4632-97C6-AE8A5D0682A7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A9730B3-CCA6-4E1C-85E0-AEE81E726573"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "62597837-8FFB-4751-9FFD-D3B92BF1D63B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "496E0528-FFBB-4093-B1D2-00BFF043328C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "21F72319-48C2-4C15-BC62-FD915FB7B9F6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BF722D18-413B-4B71-91B2-2BFF4BE5D948"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2B3FDA20-FEF9-4B55-92D9-1771C985112C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "283E5EF3-85B4-4C6B-A66C-942B09A0B578"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EAE8EF38-8E7F-4EA0-9B3F-23D92E252324"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3F2FD3B-757A-4FBD-9C0A-C71F60BC4CB1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "42BABB84-A671-43B2-A318-914AF524AC36"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "28B47EB7-4D3D-4699-B50A-9315D3EC7860"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "76EF577E-2E78-491D-AD89-5653FBCEC882"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "071CC61D-BE9B-43FA-8634-F575BAC03A5C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C7B8F588-4330-4824-9110-06C1F8B9B940"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*",
|
|
"matchCriteriaId": "DCF334E4-9B44-4B17-9A9B-D3275D838905"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F9BAF18F-249C-40A8-AB11-F8923693CAC9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0BF24ADD-AB6F-41C1-840E-3762DEA568A6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4B3AB93-B50E-4039-936D-7FCE01721546"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C96D8CFF-16AC-4108-B80F-F6D8E62288C1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "977D9558-0027-40E6-A0C3-9111778C9D22"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E3660905-7806-419A-AA02-9C4C996261A4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A9C3D7C-ABD8-41A2-A8DD-F779FC2491B4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BCBA3971-6F84-4C55-8D2D-F88C522838F8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7173644D-36CE-436D-8CCC-AAB639752891"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DD5603C6-F40A-4C1E-BE21-5B795B290446"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F1E4E275-8B0A-4246-B18C-443A43A4D95F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A21C2845-08A6-47AC-BF04-661EFD6496DD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8DA45543-4571-46DC-B7DC-998622269E17"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://jvn.jp/en/jp/JVN57073973/index.html",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html",
|
|
"source": "vultures@jpcert.or.jp",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://jvn.jp/en/jp/JVN57073973/index.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.justsystems.com/jp/corporate/info/js22001.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |