CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
91.6%
“JUST Online Update” and “JUST Online Update for J-License and the management tools” that are bundled with multiple JustSystems products contain a flaw that allows the update program to be executed even if the signature of an update module is invalid.
Please note that this is a flaw in the online update program, not a flaw in each software itself.
If a user execute a crafted update module, arbitrary code may be executed.
Apply the Update
Update “JUST Online Update” and “JUST Online Update for J-License and management tools” according to the information provided by the developer.
For more information, please refer to the developer’s website.
All the products that bundle the following update program are affected.