All the vulnerabilites related to J’s Communication Co., Ltd. - RevoWorks Cloud Client
cve-2024-47560
Vulnerability from cvelistv5
Published
2024-10-01 01:00
Modified
2024-10-01 14:13
Severity ?
EPSS score ?
Summary
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks Cloud Client |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jscom:revoworks_cloud_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "revoworks_cloud_client",
"vendor": "jscom",
"versions": [
{
"lessThan": "3.0.91",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T14:10:49.540532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T14:13:05.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks Cloud Client",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "3.0.91 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client\u0027s local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect authorization",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T01:00:23.083Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jscom.jp/news-20240918/"
},
{
"url": "https://jvn.jp/en/jp/JVN39280069/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-47560",
"datePublished": "2024-10-01T01:00:23.083Z",
"dateReserved": "2024-09-27T02:31:41.840Z",
"dateUpdated": "2024-10-01T14:13:05.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}