CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
10.5%
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.
SKYSEA Client View contains multiple vulnerabilities listed below.
Improper access control in the specific process (CWE-266) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-41139Origin validation error in shared memory data exchanges**** (CWE-346) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-41143Path traversal (CWE-22) CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.5 CVE-2024-41726
SYSTEM
privilege (CVE-2024-41139)SYSTEM
privilege by a user who can log in to the PC where the product’s Windows client is installed (CVE-2024-41143)Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released SKYSEA Client View Ver.19.3 that addresses these vulnerabilities.
Apply the patch
For SKYSEA Client View Ver.17.0 to Ver.19.210.04e, the developer has released patches that contain fixes for these vulnerabilities.
For more details, refer to the information provided by the developer.
CVE-2024-41139
SKYSEA Client View versions from Ver.6.010.06 to Ver.19.210.04e
CVE-2024-41143
SKYSEA Client View versions from Ver.3.013.00 to Ver.19.210.04e
CVE-2024-41726
SKYSEA Client View versions from Ver.15.200.13i to Ver.19.210.04e