CVE-2022-36344
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Se presenta una vulnerabilidad de ruta de búsqueda no citada en "JustSystems JUST Online Update for J-License" incluido en múltiples productos para usuarios corporativos como en Ichitaro a través de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. Los productos afectados están incluidos en las siguientes series de productos: Office y Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump y Tri-De DetaProtect.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-22 CVE Reserved
- 2022-08-16 CVE Published
- 2024-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN57073973/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.justsystems.com/jp/corporate/info/js22001.html | 2022-08-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Justsystems Search vendor "Justsystems" | Atok Medical 2 Search vendor "Justsystems" for product "Atok Medical 2" | * | windows |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Atok Medical 3 Search vendor "Justsystems" for product "Atok Medical 3" | * | windows |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Atok Pro 3 Search vendor "Justsystems" for product "Atok Pro 3" | * | windows |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Atok Pro 4 Search vendor "Justsystems" for product "Atok Pro 4" | * | windows |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Atok Pro 5 Search vendor "Justsystems" for product "Atok Pro 5" | * | windows |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Police 5 Search vendor "Justsystems" for product "Hanako Police 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Police 6 Search vendor "Justsystems" for product "Hanako Police 6" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Police 7 Search vendor "Justsystems" for product "Hanako Police 7" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Pro 3 Search vendor "Justsystems" for product "Hanako Pro 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Pro 4 Search vendor "Justsystems" for product "Hanako Pro 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Hanako Pro 5 Search vendor "Justsystems" for product "Hanako Pro 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Homepage Builder 20 Search vendor "Justsystems" for product "Homepage Builder 20" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Homepage Builder 21 Search vendor "Justsystems" for product "Homepage Builder 21" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Homepage Builder 22 Search vendor "Justsystems" for product "Homepage Builder 22" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Government 10 Search vendor "Justsystems" for product "Ichitaro Government 10" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Government 8 Search vendor "Justsystems" for product "Ichitaro Government 8" | - | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Government 9 Search vendor "Justsystems" for product "Ichitaro Government 9" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Pro 3 Search vendor "Justsystems" for product "Ichitaro Pro 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Pro 4 Search vendor "Justsystems" for product "Ichitaro Pro 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Ichitaro Pro 5 Search vendor "Justsystems" for product "Ichitaro Pro 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Calc 3 Search vendor "Justsystems" for product "Just Calc 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Calc 4 Search vendor "Justsystems" for product "Just Calc 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Calc 5 Search vendor "Justsystems" for product "Just Calc 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Focus 3 Search vendor "Justsystems" for product "Just Focus 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Focus 4 Search vendor "Justsystems" for product "Just Focus 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Frontier 3 Search vendor "Justsystems" for product "Just Frontier 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Government 2 Search vendor "Justsystems" for product "Just Government 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Government 3 Search vendor "Justsystems" for product "Just Government 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Government 4 Search vendor "Justsystems" for product "Just Government 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Government 5 Search vendor "Justsystems" for product "Just Government 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Jump 8 Search vendor "Justsystems" for product "Just Jump 8" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Jump Class Search vendor "Justsystems" for product "Just Jump Class" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Jump Class 2 Search vendor "Justsystems" for product "Just Jump Class 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Medical 2 Search vendor "Justsystems" for product "Just Medical 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Medical 3 Search vendor "Justsystems" for product "Just Medical 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Medical 4 Search vendor "Justsystems" for product "Just Medical 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Medical 5 Search vendor "Justsystems" for product "Just Medical 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Note 3 Search vendor "Justsystems" for product "Just Note 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Note 4 Search vendor "Justsystems" for product "Just Note 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Note 5 Search vendor "Justsystems" for product "Just Note 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Office 2 Search vendor "Justsystems" for product "Just Office 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Office 3 Search vendor "Justsystems" for product "Just Office 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Office 4 Search vendor "Justsystems" for product "Just Office 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Office 5 Search vendor "Justsystems" for product "Just Office 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Pdf 3 Search vendor "Justsystems" for product "Just Pdf 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Pdf 4 Search vendor "Justsystems" for product "Just Pdf 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Pdf 5 Search vendor "Justsystems" for product "Just Pdf 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Pdf 5 Search vendor "Justsystems" for product "Just Pdf 5" | * | pro |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Police 2 Search vendor "Justsystems" for product "Just Police 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Police 3 Search vendor "Justsystems" for product "Just Police 3" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Police 4 Search vendor "Justsystems" for product "Just Police 4" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Police 5 Search vendor "Justsystems" for product "Just Police 5" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just School 6 Search vendor "Justsystems" for product "Just School 6" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just School 7 Search vendor "Justsystems" for product "Just School 7" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Smile 6 Search vendor "Justsystems" for product "Just Smile 6" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Smile 7 Search vendor "Justsystems" for product "Just Smile 7" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Smile 8 Search vendor "Justsystems" for product "Just Smile 8" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Just Smile Class 2 Search vendor "Justsystems" for product "Just Smile Class 2" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Shuriken Pro 6 Search vendor "Justsystems" for product "Shuriken Pro 6" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Shuriken Pro 7 Search vendor "Justsystems" for product "Shuriken Pro 7" | * | - |
Affected
| ||||||
| Justsystems Search vendor "Justsystems" | Tri-de Dataprotect Search vendor "Justsystems" for product "Tri-de Dataprotect" | * | - |
Affected
| ||||||