Lucene search

K
jvnJapan Vulnerability NotesJVN:54451757
HistoryMar 07, 2024 - 12:00 a.m.

JVN#54451757: Multiple vulnerabilities in SKYSEA Client View

2024-03-0700:00:00
Japan Vulnerability Notes
jvn.jp
7
skysea client view
vulnerabilities
access control
arbitrary code
privilege escalation
update
patch

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.
SKYSEA Client View contains multiple vulnerabilities listed below.

Improper access control in the specific folder (CWE-284) - CVE-2024-21805

Version Vector Score
CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 3.3
CVSS v2 AV:L/AC:L/Au:S/C:N/I:P/A:N Base Score: 1.7

Improper access control in the resident process (CWE-284) - CVE-2024-24964

Version Vector Score
CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 7.8
CVSS v2 AV:L/AC:L/Au:S/C:P/I:P/A:P Base Score: 4.3

Impact

  • An arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product’s Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege - CVE-2024-21805
  • An arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product’s Windows client is installed - CVE-2024-24964

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released SKYSEA Client View Ver.19.2 that addresses these vulnerabilities.

Apply the patch
For SKYSEA Client View Ver.17.0 to Ver.19.101, the developer has released patches that contain fixes for these vulnerabilities.
For more details, refer to the information provided by the developer.

Products Affected

CVE-2024-21805

  • SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2
    CVE-2024-24964

  • SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for JVN:54451757