CVE-2022-27176

Опубликовано: 14 июн. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

Ссылки

https://jscom.jp/news-20220527/
Vendor Advisory
https://jvn.jp/en/jp/JVN27256219/index.html
Third Party Advisory
https://jscom.jp/news-20220527/
Vendor Advisory
https://jvn.jp/en/jp/JVN27256219/index.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jscom:revoworks_browser:*:*:*:*:*:*:*:*

Версия до 2.2.69 (исключая)

cpe:2.3:a:jscom:revoworks_desktop:*:*:*:*:*:*:*:*

Версия до 2.1.85 (исключая)

cpe:2.3:a:jscom:revoworks_scvx:*:*:*:*:*:*:*:*

Версия до 1.0.44 (исключая)

EPSS

Процентиль: 44%

0.00217

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-2gj6-4m7m-3c82