[Japanese]

JVNDB-2017-001054

Arbitrary file upload vulnerability in GigaCC OFFICE

Overview

GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded.

WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.

Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.
Masaki Yoshikawa of Recruit Technologies Co.,Ltd.
CVSS Severity (What is CVSS?)

Base Metrics: 5.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: Partial

CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: Low
Affected Products


WAM!NET Japan K.K.
  • GigaCC ver.2.3 and earlier

For more information, refer to the information provided by the developer.
Impact

An arbitrary file can be uploaded as a profile image file by a user, which may be used for unauthorized file sharing.
Solution

[Update to the latest version and apply Patch 1, and then apply an update module]
Update to Giga CC OFFICE ver.2.4 and apply Patch 1, and then apply an update module according to the information provided by the developer.
Vendor Information

WAM!NET Japan K.K.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2016-7845
References

  1. JVN : JVNVU#91417143
Revision History

[2017/01/23]
  Web page was published
[2017/03/16]
  Solution was modified