JVNDB-2023-000031
|
Multiple vulnerabilities in JustSystems products
|
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.
- Use After Free (CWE-416) - CVE-2022-43664
- Heap-based Buffer Overflow (CWE-122) - CVE-2022-45115
- Free of Memory not on the Heap (CWE-590) - CVE-2023-22291
- Heap-based Buffer Overflow (CWE-122) - CVE-2023-22660
Cisco Talos Security Intelligence & Research Group reported these vulnerabilities to JustSystems Corporation and coordinated with the developer. JustSystems Corporation and JPCERT/CC published their respective advisories through JVN to notify users of the solutions.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2022-43664
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 6.8 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2022-45115
|
CVSS V3 Severity: Base Metrics 7.0 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 5.1 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-22291
|
CVSS V3 Severity: Base Metrics 7.0 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 5.1 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-22660
|
|
JustSystems Corporation
- JUST Government series
- JUST Office series
- JUST Police series
- Homepage Builder 21
- Label Mighty series
- Ichitaro series
- Hanako series
- Rakuraku Hagaki series
|
A wide range of products is affected. For the details, refer to the information provided by the developer.
|
Processing a specially crafted file may cause a buffer overflow and/or denial-of-service (DoS) condition.
|
[Update the Software]
Update the software to the latest version according to the information provided by the developer.
For more information, refer to the information provided by the developer.
|
JustSystems Corporation
|
- Buffer Errors (CWE-119) [IPA Evaluation]
- No Mapping (CWE-Other) [IPA Evaluation]
|
- CVE-2022-43664
- CVE-2022-45115
- CVE-2023-22291
- CVE-2023-22660
|
- JVN : JVN#79149117
- National Vulnerability Database (NVD) : CVE-2022-43664
- National Vulnerability Database (NVD) : CVE-2022-45115
- National Vulnerability Database (NVD) : CVE-2023-22291
- National Vulnerability Database (NVD) : CVE-2023-22660
|
- [2023/04/04] Web page was published
- [2024/05/29] References : Contents were added
|