CVE-2022-27176

Description

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

Related CPE's

a jscom revoworks_scvx ********

a jscom revoworks_desktop ********

a jscom revoworks_browser ********

References

https://jvn.jp/en/jp/JVN27256219/index.html

Third Party Advisory

https://jscom.jp/news-20220527/

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	PARTIAL
AvailabilityImpact	PARTIAL
IntegrityImpact	PARTIAL
BaseScore	6.800000190734863
VectorString	AV:N/AC:M/Au:N/C:P/I:P/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io