
JVNDB-2026-000044

Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows

Overview

The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities listed below.
  • Uncontrolled search path element (CWE-427) - CVE-2026-28760
  • Incorrect default permissions (CWE-276) - CVE-2026-32680
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS v3 Severity
Base Metrics: 7.8 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
  • Access Vector (AV): Local
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): None
  • User Interaction (UI): Active
  • Vulnerable System Impact
      • Confidentiality Impact (VC): High
      • Integrity Impact (VI): High
      • Availability Impact (VA): High
  • Subsequent System Impact
      • Confidentiality Impact (SC): None
      • Integrity Impact (SI): None
      • Availability Impact (SA): None
The above CVSS base scores have been assigned for CVE-2026-28760


CVSS v3 Severity
Base Metrics: 7.8 (High) [IPA Score]
  • Access Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS v4 Severity
Base Metrics: 8.5 (High) [IPA Score]
  • Access Vector (AV): Local
  • Attack Complexity (AC): Low
  • Attack Requirements (AT): None
  • Privileges Required (PR): Low
  • User Interaction (UI): None
  • Vulnerable System Impact
      • Confidentiality Impact (VC): High
      • Integrity Impact (VI): High
      • Availability Impact (VA): High
  • Subsequent System Impact
      • Confidentiality Impact (SC): None
      • Integrity Impact (SI): None
      • Availability Impact (SA): None
The above CVSS base scores have been assigned for CVE-2026-32680
Affected Products


RATOC Systems, Inc.
  • RATOC RAID Monitoring Manager for Windows versions prior to 2.00.009.260220

Impact

  • If a user is directed to place a crafted DLL with the installer, arbitrary code may be executed with administrator privileges (CVE-2026-28760)
  • If the installation folder is changed to a non-default location, the folder may be left with insecure ACLs that allow non-administrative users to alter its contents. This may allow a non-administrative user to execute arbitrary code with SYSTEM privileges (CVE-2026-32680)
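
A defender-side check for the condition behind CVE-2026-32680, as an added example that is not part of the advisory or the vendor's code: it parses `icacls` output for an installation folder and lists principals outside an administrative allow-list that hold write-capable rights. The folder path, the sample output and the trusted-principal list are constructed assumptions.

```python
import re

# Constructed sample: `icacls` output for a hypothetical custom install folder
# on a data drive, where ACLs inherited from the drive root remain in place.
FOLDER = r"D:\Apps\RaidMonitor"
SAMPLE = r"""
D:\Apps\RaidMonitor BUILTIN\Administrators:(I)(OI)(CI)(F)
                    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                    BUILTIN\Users:(I)(OI)(CI)(RX)
                    NT AUTHORITY\Authenticated Users:(I)(M)
                    NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files
"""

# Principals expected to hold write access to a privileged program's folder
# (an assumed allow-list; adjust it to local policy).
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\ADMINISTRATORS",
           "NT SERVICE\\TRUSTEDINSTALLER", "CREATOR OWNER"}
# icacls right codes that allow changing the folder's contents, owner or ACL.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "D", "WDAC", "WO", "GW", "GA"}
# icacls inheritance flags; these are not access rights.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]*\))+)$")


def writable_by_untrusted(icacls_output, folder):
    """Return (principal, rights) for each allow ACE that lets a principal
    outside TRUSTED modify `folder` or the files created beneath it."""
    findings = []
    for raw in icacls_output.splitlines():
        line = raw.strip()
        if line.upper().startswith(folder.upper()):
            line = line[len(folder):].strip()  # first ACE shares the path line
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        groups = re.findall(r"\(([^()]*)\)", m.group("groups"))
        if "DENY" in groups:
            continue  # a deny ACE grants nothing
        rights = {r for g in groups for r in g.split(",")} - INHERIT_FLAGS
        risky = sorted(rights & WRITE_RIGHTS)
        if risky and m.group("who").upper() not in TRUSTED:
            findings.append((m.group("who"), risky))
    return findings


if __name__ == "__main__":
    for who, rights in writable_by_untrusted(SAMPLE, FOLDER):
        print(f"{FOLDER}: {who} holds {','.join(rights)}")
```

An empty result means no principal outside the allow-list holds a write-capable allow ACE on the folder; inherit-only entries are reported too because they apply to files created under it.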
Solution

[Update the Software]
Update RATOC RAID Monitoring Manager for Windows to the latest version.
For more details, refer to the information provided by the developer.
Vendor Information

RATOC Systems, Inc.
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2026-28760
  2. CVE-2026-32680
References

  1. JVN : JVN#08057419
  2. JVN : JVNTA#91240916
Revision History

  • [2026/03/26]
      Web page was published