CVE-2024-21805

Published: Mar 12, 2024Modified: May 23, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.

Affected (1)

Products: Skygroup: Skysea Client View

1 product

Skysea Client View

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Skygroup Skysea Client View	From 16.100.06f to 19.300.09h

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://jvn.jp/en/jp/JVN54451757/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.skyseaclientview.net/news/240307_01/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN54451757/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.skyseaclientview.net/news/240307_01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.