CVE-2024-47560

Published: Oct 1, 2024Modified: Oct 4, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: vultures@jpcert.or.jp (Secondary)

Description

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://jscom.jp/news-20240918/

Source: vultures@jpcert.or.jp

https://jvn.jp/en/jp/JVN39280069/

Source: vultures@jpcert.or.jp

Timeline

No history available yet.