CVE-2022-36344 (GCVE-0-2022-36344)

Vulnerability from cvelistv5 – Published: 2022-08-16 07:03 – Updated: 2024-08-03 10:00
VLAI?
Summary
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Severity ?
No CVSS data available.
CWE
  • Unquoted Search Path or Element
Assigner
References
Impacted products
Vendor Product Version
JustSystems Corporation JustSystems JUST Online Update for J-License' Affected: JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JustSystems JUST Online Update for J-License\u0027",
          "vendor": "JustSystems Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unquoted Search Path or Element",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-16T07:03:05",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-36344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JustSystems JUST Online Update for J-License\u0027",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "JustSystems Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unquoted Search Path or Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.justsystems.com/jp/corporate/info/js22001.html",
              "refsource": "MISC",
              "url": "https://www.justsystems.com/jp/corporate/info/js22001.html"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN57073973/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN57073973/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-36344",
    "datePublished": "2022-08-16T07:03:05",
    "dateReserved": "2022-07-22T00:00:00",
    "dateUpdated": "2024-08-03T10:00:04.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"EBEAEFCB-0736-49F7-84BD-28EFDC2A1B51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"CC35F9A9-C574-41F6-92D9-21DF4778FA86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"114490A2-2519-4B52-8EBF-3205B43BEFE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"C4F9F0F1-D994-49B6-BFB8-1BE988C34A52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"57AF9B76-BF5D-488C-BFD5-579F45FAEC49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93422705-9E8B-458C-BD72-E82A8A3C0EFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5FF3254-6391-4794-8B2F-732E670DA678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B4854A7-28DA-4672-BEBF-1ECF36D5EB86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"700BCC03-72E5-47B8-930C-0AECC317A678\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CB51BFD-02E3-47AF-B7E5-79CE0976C27E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9A4C395-A976-4F95-94A6-BCE5E8C9CCFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C65FF377-C51D-4174-95E5-E7160DB1A00D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DE5C321-5252-45DC-9B10-492064226821\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBAA0571-93AA-4C4C-8384-813F3210A3F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C541F4FC-DC18-40C2-AC6E-F75BC2263229\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E401B098-6551-4101-9906-19C2AB7A5504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DF2A4C2-ACC8-48A3-BAD0-F69039F2146C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FE45593-9017-4672-A9BF-8A1407527357\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AADBDD8-139A-4BB4-BE7A-A196ECD1A654\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E219D80-8644-42C8-BB17-FFEBA9C21B9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"255EDA85-DC90-4EA3-AD75-6A6689546CA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7520C861-914D-4A5B-BCAA-915EC8A3AB49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4B44FE5-FA7A-429E-829D-8665B410B82B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34657EE8-1D20-442C-9BB8-79629F49E16B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69D92070-76F9-4C48-AF8E-05EE8217DFB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1A47BAC-EA81-42ED-942F-C74088122838\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F2CE912-BD2E-4695-BBA5-896629AA8DF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4CBEAD9-4C99-413B-B86A-55F36B215113\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D49902F6-5022-41D7-998E-8576BFD0A6EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"515D8382-6FAC-4C35-9808-A11AAB0D8C11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18193350-CFAB-4B10-B780-E37850E84B7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE561614-8D25-4DB9-A9DC-181CF89E2053\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"805F0FC4-99DE-4632-97C6-AE8A5D0682A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A9730B3-CCA6-4E1C-85E0-AEE81E726573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62597837-8FFB-4751-9FFD-D3B92BF1D63B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"496E0528-FFBB-4093-B1D2-00BFF043328C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21F72319-48C2-4C15-BC62-FD915FB7B9F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF722D18-413B-4B71-91B2-2BFF4BE5D948\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B3FDA20-FEF9-4B55-92D9-1771C985112C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"283E5EF3-85B4-4C6B-A66C-942B09A0B578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAE8EF38-8E7F-4EA0-9B3F-23D92E252324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3F2FD3B-757A-4FBD-9C0A-C71F60BC4CB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42BABB84-A671-43B2-A318-914AF524AC36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28B47EB7-4D3D-4699-B50A-9315D3EC7860\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76EF577E-2E78-491D-AD89-5653FBCEC882\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"071CC61D-BE9B-43FA-8634-F575BAC03A5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7B8F588-4330-4824-9110-06C1F8B9B940\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*\", \"matchCriteriaId\": \"DCF334E4-9B44-4B17-9A9B-D3275D838905\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9BAF18F-249C-40A8-AB11-F8923693CAC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0BF24ADD-AB6F-41C1-840E-3762DEA568A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4B3AB93-B50E-4039-936D-7FCE01721546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C96D8CFF-16AC-4108-B80F-F6D8E62288C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"977D9558-0027-40E6-A0C3-9111778C9D22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3660905-7806-419A-AA02-9C4C996261A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A9C3D7C-ABD8-41A2-A8DD-F779FC2491B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCBA3971-6F84-4C55-8D2D-F88C522838F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7173644D-36CE-436D-8CCC-AAB639752891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD5603C6-F40A-4C1E-BE21-5B795B290446\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1E4E275-8B0A-4246-B18C-443A43A4D95F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A21C2845-08A6-47AC-BF04-661EFD6496DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DA45543-4571-46DC-B7DC-998622269E17\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ruta de b\\u00fasqueda no citada en \\\"JustSystems JUST Online Update for J-License\\\" incluido en m\\u00faltiples productos para usuarios corporativos como en Ichitaro a trav\\u00e9s de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. Los productos afectados est\\u00e1n incluidos en las siguientes series de productos: Office y Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump y Tri-De DetaProtect.\"}]",
      "id": "CVE-2022-36344",
      "lastModified": "2024-11-21T07:12:49.830",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-08-16T08:15:09.157",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN57073973/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.justsystems.com/jp/corporate/info/js22001.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN57073973/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.justsystems.com/jp/corporate/info/js22001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-428\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-36344\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2022-08-16T08:15:09.157\",\"lastModified\":\"2024-11-21T07:12:49.830\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unquoted search path vulnerability exists in \u0027JustSystems JUST Online Update for J-License\u0027 bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ruta de b\u00fasqueda no citada en \\\"JustSystems JUST Online Update for J-License\\\" incluido en m\u00faltiples productos para usuarios corporativos como en Ichitaro a trav\u00e9s de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. Los productos afectados est\u00e1n incluidos en las siguientes series de productos: Office y Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump y Tri-De DetaProtect.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"EBEAEFCB-0736-49F7-84BD-28EFDC2A1B51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"CC35F9A9-C574-41F6-92D9-21DF4778FA86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"114490A2-2519-4B52-8EBF-3205B43BEFE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"C4F9F0F1-D994-49B6-BFB8-1BE988C34A52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"57AF9B76-BF5D-488C-BFD5-579F45FAEC49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93422705-9E8B-458C-BD72-E82A8A3C0EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5FF3254-6391-4794-8B2F-732E670DA678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B4854A7-28DA-4672-BEBF-1ECF36D5EB86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"700BCC03-72E5-47B8-930C-0AECC317A678\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CB51BFD-02E3-47AF-B7E5-79CE0976C27E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9A4C395-A976-4F95-94A6-BCE5E8C9CCFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C65FF377-C51D-4174-95E5-E7160DB1A00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DE5C321-5252-45DC-9B10-492064226821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBAA0571-93AA-4C4C-8384-813F3210A3F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C541F4FC-DC18-40C2-AC6E-F75BC2263229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E401B098-6551-4101-9906-19C2AB7A5504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF2A4C2-ACC8-48A3-BAD0-F69039F2146C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FE45593-9017-4672-A9BF-8A1407527357\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AADBDD8-139A-4BB4-BE7A-A196ECD1A654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E219D80-8644-42C8-BB17-FFEBA9C21B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"255EDA85-DC90-4EA3-AD75-6A6689546CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7520C861-914D-4A5B-BCAA-915EC8A3AB49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4B44FE5-FA7A-429E-829D-8665B410B82B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34657EE8-1D20-442C-9BB8-79629F49E16B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69D92070-76F9-4C48-AF8E-05EE8217DFB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A47BAC-EA81-42ED-942F-C74088122838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F2CE912-BD2E-4695-BBA5-896629AA8DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4CBEAD9-4C99-413B-B86A-55F36B215113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D49902F6-5022-41D7-998E-8576BFD0A6EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"515D8382-6FAC-4C35-9808-A11AAB0D8C11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18193350-CFAB-4B10-B780-E37850E84B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE561614-8D25-4DB9-A9DC-181CF89E2053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"805F0FC4-99DE-4632-97C6-AE8A5D0682A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9730B3-CCA6-4E1C-85E0-AEE81E726573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62597837-8FFB-4751-9FFD-D3B92BF1D63B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"496E0528-FFBB-4093-B1D2-00BFF043328C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F72319-48C2-4C15-BC62-FD915FB7B9F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF722D18-413B-4B71-91B2-2BFF4BE5D948\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B3FDA20-FEF9-4B55-92D9-1771C985112C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"283E5EF3-85B4-4C6B-A66C-942B09A0B578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAE8EF38-8E7F-4EA0-9B3F-23D92E252324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3F2FD3B-757A-4FBD-9C0A-C71F60BC4CB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42BABB84-A671-43B2-A318-914AF524AC36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28B47EB7-4D3D-4699-B50A-9315D3EC7860\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76EF577E-2E78-491D-AD89-5653FBCEC882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"071CC61D-BE9B-43FA-8634-F575BAC03A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7B8F588-4330-4824-9110-06C1F8B9B940\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*\",\"matchCriteriaId\":\"DCF334E4-9B44-4B17-9A9B-D3275D838905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9BAF18F-249C-40A8-AB11-F8923693CAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BF24ADD-AB6F-41C1-840E-3762DEA568A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4B3AB93-B50E-4039-936D-7FCE01721546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C96D8CFF-16AC-4108-B80F-F6D8E62288C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"977D9558-0027-40E6-A0C3-9111778C9D22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3660905-7806-419A-AA02-9C4C996261A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9C3D7C-ABD8-41A2-A8DD-F779FC2491B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCBA3971-6F84-4C55-8D2D-F88C522838F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7173644D-36CE-436D-8CCC-AAB639752891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD5603C6-F40A-4C1E-BE21-5B795B290446\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E4E275-8B0A-4246-B18C-443A43A4D95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A21C2845-08A6-47AC-BF04-661EFD6496DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA45543-4571-46DC-B7DC-998622269E17\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN57073973/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.justsystems.com/jp/corporate/info/js22001.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN57073973/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.justsystems.com/jp/corporate/info/js22001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.