jvndb-2024-000028
Vulnerability from jvndb
Published
2024-03-07 16:09
Modified
2024-07-29 18:13
Severity
Summary
Multiple vulnerabilities in SKYSEA Client View
Details
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.
SKYSEA Client View contains multiple vulnerabilities listed below.
* Improper access control in the specific folder (CWE-276) - CVE-2024-21805
* Improper access control in the resident process (CWE-749) - CVE-2024-24964
CVE-2024-21805
Ken Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-24964
Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
References
Impacted products
Vendor | Product |
---|---|
Sky Co., LTD. | SKYSEA Client View |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html", "dc:date": "2024-07-29T18:13+09:00", "dcterms:issued": "2024-03-07T16:09+09:00", "dcterms:modified": "2024-07-29T18:13+09:00", "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\r\n * Improper access control in the specific folder (CWE-276) - CVE-2024-21805\r\n * Improper access control in the resident process (CWE-749) - CVE-2024-24964\r\n\r\nCVE-2024-21805\r\nKen Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-24964\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html", "sec:cpe": { "#text": "cpe:/a:skygroup:skysea_client_view", "@product": "SKYSEA Client View", "@vendor": "Sky Co., LTD.", "@version": "2.2" }, "sec:cvss": [ { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "7.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2024-000028", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN54451757/index.html", "@id": "JVN#54451757", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21805", "@id": "CVE-2024-21805", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-24964", "@id": "CVE-2024-24964", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Multiple vulnerabilities in SKYSEA Client View" }
Loading...