PT-2022-23320 · Justsystems · Just Frontier+12
Hiroki Matsukuma
·
Published
2022-08-16
·
Updated
2022-08-23
·
CVE-2022-36344
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JustSystems JUST Online Update for J-License versions (affected versions not specified)
Description
An unquoted search path issue exists in the JustSystems JUST Online Update for J-License, which is bundled with various products, including Ichitaro through Pro5. This allows a malicious file to be executed with Windows service privileges if placed in a specific path. The affected products are part of several series, including Office, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Atok
Hanako
Homepage Builder
Ichitaro
Just Frontier
Just Jump
Just Pdf
Just School
Just Smile
Just Smile Class
Justsystems Just Online Update For J-License
Shuriken
Tri-De Detaprotect