JVNDB-2024-000107

RevoWorks Cloud vulnerable to unintended process execution

Overview

RevoWorks Cloud, provided by J's Communication Co., Ltd., is software for building a sandbox environment isolated from a client's local environment. Within the sandbox environment, the product provides a function that allows web browsers to run and that detects and blocks unauthorized processes. However, a defect was found in this function that causes it to fail to detect unauthorized processes (CWE-863).

J's Communication Co., Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and J's Communication Co., Ltd. coordinated under the Information Security Early Warning Partnership.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

J's Communication Co., Ltd.
  • RevoWorks Cloud Client 3.0.91 and earlier

Impact

Unintended processes may be executed in the sandbox environment.
Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed externally, or the behavior of the sandbox environment may be compromised through registry tampering.

Solution

[Update RevoWorks Cloud Client]
Update RevoWorks Cloud Client to the latest version according to the information provided by the developer.

Vendor Information

J's Communication Co., Ltd.

CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2024-47560

References

  1. JVN : JVN#39280069

Revision History

  • [2024/09/30]
      Web page was published