[Japanese]

JVNDB-2017-001054

Arbitrary file upload vulnerability in GigaCC OFFICE

Overview

GigaCC OFFICE provided by WAM!NET Japan K.K. contains a vulnerability where arbitrary files may be uploaded.

WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and WAM!NET Japan K.K. coordinated under the Information Security Early Warning Partnership.

Dongjoo Ha and Heaeun Moon of NSHC Pre., Ltd.
Masaki Yoshikawa of Recruit Technologies Co.,Ltd.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


WAM!NET Japan K.K.
  • GigaCC OFFICE ver.2.3 and earlier

For more information, refer to the information provided by the developer.
Impact

An arbitrary file can be uploaded as a profile image file by a user, which may be used for unauthorized file sharing.
Solution

[Update to the latest version and apply Patch 1, and then apply an update module]
Update to Giga CC OFFICE ver.2.4 and apply Patch 1, and then apply an update module according to the information provided by the developer.
Vendor Information

WAM!NET Japan K.K.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2016-7845
References

  1. JVN : JVNVU#91417143
  2. National Vulnerability Database (NVD) : CVE-2016-7845
Revision History

  • [2017/01/23]
      Web page was published
    [2017/03/16]
      Solution was modified
  • [2018/02/28]
      References : Content was added

Date Public2017/01/19
Date First Published2017/01/23
Date Last Updated2018/02/28