CVE-2024-36246

2024-05-3106:11:22

jpcert

www.cve.org

authorization

unifier

unifier cast

vulnerability

patch

arbitrary code

localsystem privilege

malicious program

data.

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch “20240527” not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted.

CNA Affected

[
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Yokogawa Rental & Lease Corporation",
    "product": "Unifier Cast ",
    "versions": [
      {
        "version": "Version.5.0 or later",
        "status": "affected"
      },
      {
        "version": " and the patch \"20240527\" not applied",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN17680667/

www.yrl.com/fwp_support/info/khvu7f00000000q7.html