CVE-2022-36344
Severity CVSS v4.0:
Pending analysis
Type:
CWE-428
Unquoted Search Path or Element
Publication date:
16/08/2022
Last modified:
23/08/2022
Description
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:* | ||
| cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page