Search

Find a vulnerability

Search criteria

    1 vulnerability found for RemoteView by RSUPPORT Co., Ltd.

    JVNDB-2025-000085

    Vulnerability from jvndb - Published: 2025-10-15 15:55 - Updated:2025-10-15 15:55
    Severity
    Summary
    Multiple RSUPPORT products may insecurely load Dynamic Link Libraries
    Details
    Multiple RSUPPORT products contain multiple vulnerabilities listed below.
    • RemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859
    • RemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861
    CVE-2025-26859 Eiji James Yoshida reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2025-26860, CVE-2025-26861 Eili Masami reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. JPCERT/CC Addendum These vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017. The developer released the fixed versions in 2017. The coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
      "dc:date": "2025-10-15T15:55+09:00",
      "dcterms:issued": "2025-10-15T15:55+09:00",
      "dcterms:modified": "2025-10-15T15:55+09:00",
      "description": "Multiple RSUPPORT products contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eRemoteView PC Application Console vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26859\u003c/li\u003e\r\n\u003cli\u003eRemoteCall Remote Support Program (for Operator) vulnerable to uncontrolled search path element (CWE-427) - CVE-2025-26860, CVE-2025-26861\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2025-26859\r\nEiji James Yoshida reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-26860, CVE-2025-26861\r\nEili Masami reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nJPCERT/CC Addendum\r\nThese vulnerabilities were reported to IPA, and JPCERT/CC started coordination with the developer in 2017.\r\nThe developer released the fixed versions in 2017.\r\nThe coordination between JPCERT/CC and the developer completed and this JVN is published in 2025.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000085.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:rsupport:remotecall",
          "@product": "RemoteCall",
          "@vendor": "RSUPPORT Co., Ltd.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:rsupport:remoteview",
          "@product": "RemoteView",
          "@vendor": "RSUPPORT Co., Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000085",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN22713803/index.html",
          "@id": "JVN#22713803",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26859",
          "@id": "CVE-2025-26859",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26860",
          "@id": "CVE-2025-26860",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-26861",
          "@id": "CVE-2025-26861",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple RSUPPORT products may insecurely load Dynamic Link Libraries"
    }