JVNDB-2026-000036

[Japanese]
JVNDB-2026-000036
Improper file access permission settings in multiple Digital Arts products
Overview
Multiple products provided by Digital Arts Inc. contains the following vulnerability. Incorrect default permissions (CWE-276) - CVE-2026-28267 Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 5.5 (Medium) [IPA Score] Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality Impact: None Integrity Impact: High Availability Impact: None
CVSS v4 Severity Base Metrics: 6.8 (Medium) [IPA Score] Access Vector (AV): Local Attack Complexity (AC): Low Attack Requirements (AT): None Privileges Required (PR): Low User Interaction (UI): None Vulnerable System Impact Confidentiality Impact (VC): None Integrity Impact (VI): High Availability Impact (VA): None Subsequent System Impact Confidentiality Impact (SC): None Integrity Impact (SI): None Availability Impact (SA): None
Affected Products

Inventit Inc. MobiConnect i-FILTER Browser Option versions prior to Ver.4.93R13 Digital Arts Inc. DigitalArts@Cloud Agent (for Windows) versions prior to Ver.1.70R01 i-FILTER Browser & Cloud MultiAgent for Windows versions prior to Ver.4.93R13 i-filter 10 (Windows version only) versions prior to Ver.10.02.00 i-filter 6.0 versions prior to Ver.6.00.57 i-filter for NetCafe versions prior to Ver.6.10.57 i-filter for MultiDevice (Windows version only) versions prior to Ver.6.00.57 i-filter for ZAQ (Windows version only) versions prior to Ver.6.00.57 i-filter for Provider versions prior to Ver.2.00.30 OPTiM Corporation Optimal Biz Web Filtering Powered by i-FILTER (Windows version) versions prior to 4.93R13 FUJITSU i-FILTER Browser & Cloud MultiAgent for Windows versions prior to Ver.4.93R13
Note: i-Filter is only available in Japan and is a different product to Digital Arts Inc.'s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts' i-FILTER.
Impact
Files may be created or overwritten in the system directory or backup directory by a non-administrative user.
Solution
[Update the Software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
Inventit Inc. Inventit Inc. : mobiconnect FILTER browser options (Text in Japanese, login required) Digital Arts Inc. Digital Arts Inc. : For consumers: Important Notice \| Notice Regarding Vulnerabilities in Our Security Products (Text in Japanese, PDF) Digital Arts Inc. : For business: Important Notice \| Notice Regarding Vulnerabilities in Our Security Products (Text in Japanese, PDF) OPTiM Corporation OPTiM Corporation : OPTiM BizManagement site: List of related services (Text in Japanese, Refer to the related services for your product after logging in) FUJITSU Fujitsu Limited : 4.93R13 (Released March 9, 2026) (Text in Japanese, login required)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2026-28267
References
JVN : JVN#17307628
Revision History
[2026/03/09] Web page was published [2026/03/09] Affected Products : Product version was modified


Date Public	2026/03/09
Date First Published	2026/03/09
Date Last Updated	2026/03/09

Improper file access permission settings in multiple Digital Arts products