9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.6%
SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below.
Improper Access Control (CWE-284) - CVE-2023-22335
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Base Score: 7.5 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Path Traversal (CWE-22) - CVE-2023-22336
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:N/I:P/A:N | Base Score: 5.0 |
Use of Hard-coded Credentials (CWE-798) - CVE-2023-22344
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Update the software
Update software to the latest version according to the information provided by the developer.
The developer states that the patch of Rakuraku PC Cloud Agent is applied automatically when the client is launched.