CVE Vulnerability

CVE-2022-36344

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN57073973/index.html Third Party Advisory
https://www.justsystems.com/jp/corporate/info/js22001.html Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*
Information

Published : 2022-08-16 08:15

Updated : 2022-08-23 04:02

NVD link : CVE-2022-36344

Mitre link : CVE-2022-36344

Products Affected
No products.
CWE
CWE-428