Main Vulnerability Database SB2022052703

SB2022052703 - Incomplete Filtering of Special Elements in J's Communications RevoWorks products

Published: May 27, 2022

Security Bulletin ID SB2022052703

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incomplete Filtering of Special Elements (CVE-ID: CVE-2022-27176)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the sanitization process does not filter completely malicious elements within the File Sanitization Library. A remote attacker can trick a victim to download a specially crafted file and execute malicious macros.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/jp/JVN27256219/index.html
https://jscom.jp/news-20220527/