|
[Japanese]
|
JVNDB-2026-000051
|
SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
|
|
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools.
SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.- Incorrect default permissions in the installation folder (CWE-276) - CVE-2026-39454
Takashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
CVSS v4 Severity
Base Metrics: 8.5 (High) [IPA Score]
- Access Vector (AV): Local
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): Low
- User Interaction (UI): None
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
|
|
|
Sky Co., LTD.
- SKYMEC IT Manager Ver.2024.005.10a and earlier
- SKYSEA Client View Ver.21.200.07j and earlier
|
|
|
A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product.
As a result, arbitrary code may be executed with the administrative privilege.
|
|
[Update the Software or Apply the patches]
Update the software to the latest version or apply the patches according to the information provided by the developer.
|
|
Sky Co., LTD.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2026-39454
|
|
- JVN : JVN#63376363
|
|
- [2026/04/20]
Web page was published
|
