Japan Vulnerability NotesJVN:74686032JVN#74686032: QND vulnerable to privilege escalation
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%
QND provided by QualitySoft Corporation contains a privilege escalation vulnerability (CWE-268).
Impact
A user who can log in to the PC where the product’s Windows client is installed may obtain administrative privileges. As a result, sensitive information may be modified/obtained or unintended operations may be performed.
Solution
Update the software
This vulnerability is addressed in QND Advance/Premium/Standard Ver.11.0.5i.
For following versions, update to the latest version according to the information provided by the developer.
-
QND Advance/Premium/Standard Ver.11.0i to Ver.11.0.4i
Note that the following versions are no longer supported. The developer recommends users to update to the latest version. -
QND Advance/Standard Ver.10.3i SP3 and earlier
Apply the Patch
For the following version, apply the patch according to the information provided by the developer. -
QND Advance/Standard Ver.10.4i
Products Affected
- QND Advance/Premium/Standard Ver.11.0.4i and earlier
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
12.6%