jvndb-2024-000074
Vulnerability from jvndb
Published
2024-07-29 15:28
Modified
2024-07-31 14:12
Severity
Summary
Multiple vulnerabilities in SKYSEA Client View
Details
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.
SKYSEA Client View contains multiple vulnerabilities listed below.
<ul>
<li>Improper access control in the specific process (CWE-266) - CVE-2024-41139</li>
<li>Origin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143</li>
<li>Path traversal (CWE-22) - CVE-2024-41726</li>
</ul>
Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
"dc:date": "2024-07-31T14:12+09:00",
"dcterms:issued": "2024-07-29T15:28+09:00",
"dcterms:modified": "2024-07-31T14:12+09:00",
"description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eImproper access control in the specific process (CWE-266) - CVE-2024-41139\u003c/li\u003e\r\n\u003cli\u003eOrigin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2024-41726\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
"sec:cpe": [
{
"#text": "cpe:/a:skygroup:skysea_client_view",
"@product": "SKYSEA Client View",
"@vendor": "Sky Co., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:skygroup:skysea_client_view",
"@product": "SKYSEA Client View",
"@vendor": "Sky Co., LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:skygroup:skysea_client_view",
"@product": "SKYSEA Client View",
"@vendor": "Sky Co., LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000074",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN84326763/index.html",
"@id": "JVN#84326763",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41139",
"@id": "CVE-2024-41139",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41143",
"@id": "CVE-2024-41143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-41726",
"@id": "CVE-2024-41726",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in SKYSEA Client View"
}
Loading...