|
[Japanese]
|
JVNDB-2021-000040
|
QND vulnerable to privilege escalation
|
|
QND provided by QualitySoft Corporation contains a privilege escalation vulnerability (CWE-268).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. RedTeam reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Local
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
|
|
QualitySoft Corporation
- QND Premium/Advance/Standard Ver.11.0.4i and earlier
|
|
|
A user who can log in to the PC where the product's Windows client is installed may obtain administrative privileges. As a result, sensitive information may be modified/obtained or unintended operations may be performed.
|
|
[Update the software]
This vulnerability is addressed in QND Advance/Premium/Standard Ver.11.0.5i.
For following versions, update to the latest version according to the information provided by the developer.
*QND Advance/Premium/Standard Ver.11.0i to Ver.11.0.4i
Note that the following versions are no longer supported. The developer recommends users to update to the latest version.
*QND Advance/Standard Ver.10.3i SP3 and earlier
[Apply the Patch]
For the following version, apply the patch according to the information provided by the developer.
*QND Advance/Standard Ver.10.4i
|
|
QualitySoft Corporation
|
|
- Permissions(CWE-264) [IPA Evaluation]
|
|
- CVE-2021-20713
|
|
- JVN : JVN#74686032
- National Vulnerability Database (NVD) : CVE-2021-20713
|
|
- [2021/05/21]
Web page was published
|
