|
[Japanese]
|
JVNDB-2023-000102
|
Multiple vulnerabilities in JustSystems products
|
|
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below.
* Use after free (CWE-416) - CVE-2023-34366
* Integer overflow (CWE-190) - CVE-2023-38127
* Access of resource using incompatible type (Type confusion) (CWE-843) - CVE-2023-38128
* Improper validation of array index (CWE-129) - CVE-2023-35126
Cisco Talos Security Intelligence & Research Group reported these vulnerabilities to JustSystems Corporation and coordinated. JustSystems Corporation and JPCERT/CC published respective advisories in order to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 3.3 (Low) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 1.9 (Low) [IPA Score]
- Access Vector: Local
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-34366
|
CVSS V3 Severity:
Base Metrics
3.3 (Low) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Low
CVSS V2 Severity:Base Metrics
1.9 (Low)
[IPA Score]
-
Access Vector: Local
-
Access Complexity: Medium
-
Authentication: None
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-38127
|
CVSS V3 Severity:
Base Metrics
3.3 (Low) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Low
CVSS V2 Severity:Base Metrics
1.9 (Low)
[IPA Score]
-
Access Vector: Local
-
Access Complexity: Medium
-
Authentication: None
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-38128
|
CVSS V3 Severity:
Base Metrics
3.3 (Low) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Low
CVSS V2 Severity:Base Metrics
1.9 (Low)
[IPA Score]
-
Access Vector: Local
-
Access Complexity: Medium
-
Authentication: None
-
Confidentiality Impact: None
-
Integrity Impact: None
-
Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-35126
|
|
|
JustSystems Corporation
- JUST Government series
- JUST Office series
- JUST Police series
- Ichitaro series
- Rakuraku Hagaki series
|
A wide range of products is affected. For the details, refer to the information provided by the developer.
|
|
Processing a specially crafted file may lead to the product's abnormal termination.
|
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
For more information, refer to the information provided by the developer.
|
|
JustSystems Corporation
|
|
- Buffer Errors(CWE-119) [IPA Evaluation]
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2023-34366
- CVE-2023-38127
- CVE-2023-38128
- CVE-2023-35126
|
|
- JVN : JVN#28846531
- National Vulnerability Database (NVD) : CVE-2023-34366
- National Vulnerability Database (NVD) : CVE-2023-38127
- National Vulnerability Database (NVD) : CVE-2023-38128
- National Vulnerability Database (NVD) : CVE-2023-35126
|
|
- [2023/10/19]
Web page was published
- [2024/05/16]
References : Contents were added
|
