Lucene search
HistoryJun 16, 2014 - 2:55 p.m.
CVE-2014-2003
cve-2014-2003
justsystems
just online update
validation bypass
ichitaro
remote code execution
7.7 High
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.6%
JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
Affected configurations
Node
justsystemsichitaroRange≤2014
ORjustsystemsichitaroMatch10
ORjustsystemsichitaroMatch11
ORjustsystemsichitaroMatch12
ORjustsystemsichitaroMatch13
ORjustsystemsichitaroMatch2004
ORjustsystemsichitaroMatch2005
ORjustsystemsichitaroMatch2006
ORjustsystemsichitaroMatch2006-government
ORjustsystemsichitaroMatch2007
ORjustsystemsichitaroMatch2007-government
ORjustsystemsichitaroMatch2008
ORjustsystemsichitaroMatch2008-government
ORjustsystemsichitaroMatch2009
ORjustsystemsichitaroMatch2009-government
ORjustsystemsichitaroMatch2009-trial
ORjustsystemsichitaroMatch2010
ORjustsystemsichitaroMatch2010-government
ORjustsystemsichitaroMatch2011
ORjustsystemsichitaroMatch2011-sou
ORjustsystemsichitaroMatch2012-shou
ORjustsystemsichitaroMatch2013-gen
ORjustsystemsichitaroMatch2013-gen_trial
ORjustsystemsjust_online_updateMatch-
Related
prion
prion
Code injection
2014-06-16 14:55:00
jvn
jvn
nvd
nvd
CVE-2014-2003
2014-06-16 14:55:05
cvelist
cvelist
CVE-2014-2003
2014-06-16 14:00:00
7.7 High
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.035 Low
EPSS
Percentile
91.6%
Related for CVE-2014-2003