Lucene search

[email protected]CVE-2017-2154

HistoryApr 28, 2017 - 4:59 p.m.

CVE-2017-2154

2017-04-2816:59:02

CWE-20

[email protected]

web.nvd.nist.gov

vulnerability

untrusted search path

hanako

just

remote attackers

privileges

dll

nvd

cve-2017-2154

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.

Affected configurations

NVD

Node

justsystemshanakoMatch2015

justsystemshanakoMatch2016

justsystemshanakoMatch2017

justsystemshanakoMatch2017trial_version

justsystemshanako_policeMatch5

justsystemshanako_proMatch3

justsystemsjust_frontierMatch3

justsystemsjust_governmentMatch3

justsystemsjust_jump_classMatch2

justsystemsjust_officeMatch3eco_print_pack

justsystemsjust_officeMatch3standard

justsystemsjust_officeMatch3tri-de_dataprotect_pack

justsystemsjust_policeMatch3

justsystemsjust_schoolMatch6

justsystemsjust_schoolMatch6premium

CPENameOperatorVersion
justsystems:hanakojustsystems hanakoeq2015
justsystems:hanakojustsystems hanakoeq2016
justsystems:hanakojustsystems hanakoeq2017
justsystems:hanako_policejustsystems hanako policeeq5
justsystems:hanako_projustsystems hanako proeq3
justsystems:just_frontierjustsystems just frontiereq3
justsystems:just_governmentjustsystems just governmenteq3
justsystems:just_jump_classjustsystems just jump classeq2
justsystems:just_officejustsystems just officeeq3
justsystems:just_policejustsystems just policeeq3

CPE	Name	Operator	Version
justsystems:hanako	justsystems hanako	eq	2015
justsystems:hanako	justsystems hanako	eq	2016
justsystems:hanako	justsystems hanako	eq	2017
justsystems:hanako_police	justsystems hanako police	eq	5
justsystems:hanako_pro	justsystems hanako pro	eq	3
justsystems:just_frontier	justsystems just frontier	eq	3
justsystems:just_government	justsystems just government	eq	3
justsystems:just_jump_class	justsystems just jump class	eq	2
justsystems:just_office	justsystems just office	eq	3
justsystems:just_police	justsystems just police	eq	3

Rows per page:

1-10 of 111

References

jvn.jp/en/jp/JVN54268888/index.html

www.justsystems.com/jp/info/js17002.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.7%

JSON

Related for CVE-2017-2154

cvelist1 nvd1 jvn1 prion1