Japan Vulnerability NotesJVN:32415420JVN#32415420: Multiple vulnerabiliteis in Shihonkanri Plus GOOUT
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.5%
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.
Shihonkanri Plus GOOUT contains multiple vulnerabilities (which allow reading/writing an arbitrary file) listed below because of the improper validation of input parameter.
Directory traversal (CWE-22) - CVE-2020-5554 A vulnerability allowing manipulation of arbitrary files (CWE-20) - CVE-2020-5555
Impact
- A remote attacker may read and write data of the arbitrary files placed on the the server where the affected product is running - CVE-2020-5554
- A remote attacker may read and write data of the files placed in the same directory where the product is placed - CVE-2020-5555
Solution
Consider stop using Shihonkanri Plus GOOUT Ver1.5.8γVer2.2.10
Since the developer was unreachable, existence of any mitigations is unknown.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.5%