[Japanese]

JVNDB-2026-000030

IM-LogicDesigner module of intra-mart Accel Platform vulnerable to untrusted data deserialization

Overview

IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains the following vulnerability.
  • Untrusted data deserialization (CWE-502) - CVE-2026-27776
This can be exploited only when IM-LogicDesigner is deployed

Masataka Sagami reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


NTT DATA INTRAMART CORPORATION
  • intra-mart Accel Platform 2017 Spring (8.0.4) through 2025 Autumn (8.0.27)

According to the developer, the following products and services are affected as well.
  • Accel-Mart Plus (including intra-mart Accel Platform)
  • Accel-Mart Quick
  • DPS for Sales Cloud
Impact

Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege.
Solution

[Apply the Patch]
Apply the patch according to the information provided by the developer.

For Accel-Mart Quick and DPS for Sales Cloud, the patches are applied on February, 2026.
For more details, refer to the information provided by the developer.
Vendor Information

NTT DATA INTRAMART CORPORATION
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-27776
References

  1. JVN : JVN#80500630
Revision History

  • [2026/02/27]
      Web page was published

Date Public2026/02/27
Date First Published2026/02/27
Date Last Updated2026/02/27