CVE-2017-2154

Опубликовано: 28 апр. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Ссылки

https://jvn.jp/en/jp/JVN54268888/index.html
Third Party Advisory
VDB Entry
https://www.justsystems.com/jp/info/js17002.html
Vendor Advisory
https://jvn.jp/en/jp/JVN54268888/index.html
Third Party Advisory
VDB Entry
https://www.justsystems.com/jp/info/js17002.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:justsystems:hanako:2015:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:hanako:2016:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:hanako:2017:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:hanako:2017:*:*:*:trial_version:*:*:*

cpe:2.3:a:justsystems:hanako_police:5:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:hanako_pro:3:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_frontier:3:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_government:3:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_jump_class:2:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_office:3:*:*:*:eco_print_pack:*:*:*

cpe:2.3:a:justsystems:just_office:3:*:*:*:standard:*:*:*

cpe:2.3:a:justsystems:just_office:3:*:*:*:tri-de_dataprotect_pack:*:*:*

cpe:2.3:a:justsystems:just_police:3:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_school:6:*:*:*:*:*:*:*

cpe:2.3:a:justsystems:just_school:6:*:*:*:premium:*:*:*

EPSS

Процентиль: 53%

0.00301

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-f2m3-hg92-v48c