Products
RevoWorks Cloud Client
- 3.0.91 and earlier
Source
vultures@jpcert.or.jp
Tags
CVE-2024-47560 details
Published : Oct. 1, 2024, 2:15 a.m.
Last Modified : Oct. 1, 2024, 2:15 a.m.
Last Modified : Oct. 1, 2024, 2:15 a.m.
Description
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-863 | Incorrect Authorization | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://jscom.jp/news-20240918/ | vultures@jpcert.or.jp |
| https://jvn.jp/en/jp/JVN39280069/ | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.