Japan Vulnerability NotesJVN:01937209JVN#01937209: LINE WORKS Drive Explorer vulnerable to code injection
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.7%
LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability (CWE-94).
Impact
An attacker who can login to the client where the affected product is installed may inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Products Affected
- Drive Explorer for macOS versions 3.5.4 and earlier
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.7%