Lucene search

Japan Vulnerability NotesJVN:25422698

HistoryAug 03, 2020 - 12:00 a.m.

JVN#25422698: SKYSEA Client View vulnerable to privilege escalation

2020-08-0300:00:00

Japan Vulnerability Notes

jvn.jp

skysea client view

enterprise it asset management tool

privilege escalation

cwe-268

patch

sensitive information

unintended operations

security vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268).

Impact

A user who can login to the PC where the product is installed may obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations.

Solution

Apply the Patch
Apply the patch according to the information provided by the developer.

Products Affected

SKYSEA Client View Ver.12.200.12n to 15.210.05f

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for JVN:25422698