Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for SKYSEA Client View by Sky Co., LTD.

    JVNDB-2026-000051

    Vulnerability from jvndb - Published: 2026-04-20 14:47 - Updated:2026-04-20 14:47
    Severity
    Summary
    SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
    Details
    SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.
    • Incorrect default permissions in the installation folder (CWE-276) - CVE-2026-39454
    Takashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000051.html",
      "dc:date": "2026-04-20T14:47+09:00",
      "dcterms:issued": "2026-04-20T14:47+09:00",
      "dcterms:modified": "2026-04-20T14:47+09:00",
      "description": "SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools.\r\nSKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions in the installation folder (CWE-276) - CVE-2026-39454\u003c/li\u003e\u003c/ul\u003eTakashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000051.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skygroup:skymec_it_manager",
          "@product": "SKYMEC IT Manager",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000051",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN63376363/index.html",
          "@id": "JVN#63376363",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-39454",
          "@id": "CVE-2026-39454",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SKYSEA Client View and SKYMEC IT Manager improper file access permission settings"
    }

    JVNDB-2024-000074

    Vulnerability from jvndb - Published: 2024-07-29 15:28 - Updated:2024-07-31 14:12
    Severity
    Summary
    Multiple vulnerabilities in SKYSEA Client View
    Details
    SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below.
    • Improper access control in the specific process (CWE-266) - CVE-2024-41139
    • Origin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143
    • Path traversal (CWE-22) - CVE-2024-41726
    Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
      "dc:date": "2024-07-31T14:12+09:00",
      "dcterms:issued": "2024-07-29T15:28+09:00",
      "dcterms:modified": "2024-07-31T14:12+09:00",
      "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eImproper access control in the specific process (CWE-266) - CVE-2024-41139\u003c/li\u003e\r\n\u003cli\u003eOrigin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2024-41726\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000074",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN84326763/index.html",
          "@id": "JVN#84326763",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41139",
          "@id": "CVE-2024-41139",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41143",
          "@id": "CVE-2024-41143",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41726",
          "@id": "CVE-2024-41726",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in SKYSEA Client View"
    }

    JVNDB-2024-000028

    Vulnerability from jvndb - Published: 2024-03-07 16:09 - Updated:2024-07-29 18:13
    Severity
    Summary
    Multiple vulnerabilities in SKYSEA Client View
    Details
    SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. * Improper access control in the specific folder (CWE-276) - CVE-2024-21805 * Improper access control in the resident process (CWE-749) - CVE-2024-24964 CVE-2024-21805 Ken Kitahara of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-24964 Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
      "dc:date": "2024-07-29T18:13+09:00",
      "dcterms:issued": "2024-03-07T16:09+09:00",
      "dcterms:modified": "2024-07-29T18:13+09:00",
      "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\r\n  * Improper access control in the specific folder (CWE-276) - CVE-2024-21805\r\n  * Improper access control in the resident process (CWE-749) - CVE-2024-24964\r\n\r\nCVE-2024-21805\r\nKen Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-24964\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000028",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54451757/index.html",
          "@id": "JVN#54451757",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21805",
          "@id": "CVE-2024-21805",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-24964",
          "@id": "CVE-2024-24964",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Multiple vulnerabilities in SKYSEA Client View"
    }

    JVNDB-2021-000003

    Vulnerability from jvndb - Published: 2021-01-12 15:53 - Updated:2021-01-12 15:53
    Severity
    Summary
    The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). shogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
      "dc:date": "2021-01-12T15:53+09:00",
      "dcterms:issued": "2021-01-12T15:53+09:00",
      "dcterms:modified": "2021-01-12T15:53+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool.\r\nThe installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nshogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000003",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN69635538/index.html",
          "@id": "JVN#69635538",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20616",
          "@id": "CVE-2021-20616",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20616",
          "@id": "CVE-2021-20616",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2020-000052

    Vulnerability from jvndb - Published: 2020-08-03 14:59 - Updated:2020-08-03 14:59
    Severity
    Summary
    SKYSEA Client View vulnerable to privilege escalation
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268). Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
      "dc:date": "2020-08-03T14:59+09:00",
      "dcterms:issued": "2020-08-03T14:59+09:00",
      "dcterms:modified": "2020-08-03T14:59+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268).\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000052",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN25422698/index.html",
          "@id": "JVN#25422698",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5617",
          "@id": "CVE-2020-5617",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5617",
          "@id": "CVE-2020-5617",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2020/at200031.html",
          "@id": "JPCERT-AT-2020-0031",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SKYSEA Client View vulnerable to privilege escalation"
    }

    JVNDB-2016-000249

    Vulnerability from jvndb - Published: 2016-12-22 14:26 - Updated:2017-11-27 16:53
    Severity
    Summary
    SKYSEA Client View vulnerable to arbitrary code execution
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC. Attacks exploiting this vulnerability have been observed in the wild. Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
      "dc:date": "2017-11-27T16:53+09:00",
      "dcterms:issued": "2016-12-22T14:26+09:00",
      "dcterms:modified": "2017-11-27T16:53+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC.\r\n\r\nAttacks exploiting this vulnerability have been observed in the wild.\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "10.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000249",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN84995847/index.html",
          "@id": "JVN#84995847",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7836",
          "@id": "CVE-2016-7836",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7836",
          "@id": "CVE-2016-7836",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20161222-jvn.html",
          "@id": "Security Alert for Vulnerability in SKYSEA Client View (JVN#84995847",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2016/at160051.html",
          "@id": "JPCERT-AT-2016-0051",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.npa.go.jp/cyberpolice/detect/pdf/20161222.pdf",
          "@id": "Security Alert for Vulnerability in SKYSEA Client View",
          "@source": "AT-POLICE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "SKYSEA Client View vulnerable to arbitrary code execution"
    }

    CVE-2021-20616 (GCVE-0-2021-20616)

    Vulnerability from nvd – Published: 2021-01-13 09:40 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.1.020.05b to Ver.16.001.01g
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/210112_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.1.020.05b to Ver.16.001.01g"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T09:40:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/210112_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.1.020.05b to Ver.16.001.01g"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/210112_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/210112_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN69635538/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20616",
        "datePublished": "2021-01-13T09:40:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5617 (GCVE-0-2020-5617)

    Vulnerability from nvd – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.12.200.12n to 15.210.05f
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:23.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/200803_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.12.200.12n to 15.210.05f"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-04T01:05:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/200803_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.12.200.12n to 15.210.05f"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/200803_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/200803_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN25422698/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5617",
        "datePublished": "2020-08-04T01:05:50.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:23.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7836 (GCVE-0-2016-7836)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote code execution
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.11.221.03 and earlier
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.skyseaclientview.net/news/161221/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.skygroup.jp/security-info/170308.html"
              },
              {
                "name": "JVN#84995847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
              },
              {
                "name": "95062",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95062"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7836",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T03:56:28.049245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:39.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-14T00:00:00.000Z",
                "value": "CVE-2016-7836 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.11.221.03 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.skyseaclientview.net/news/161221/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.skygroup.jp/security-info/170308.html"
            },
            {
              "name": "JVN#84995847",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
            },
            {
              "name": "95062",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.11.221.03 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.skyseaclientview.net/news/161221/",
                  "refsource": "CONFIRM",
                  "url": "http://www.skyseaclientview.net/news/161221/"
                },
                {
                  "name": "https://www.skygroup.jp/security-info/170308.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.skygroup.jp/security-info/170308.html"
                },
                {
                  "name": "JVN#84995847",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
                },
                {
                  "name": "95062",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7836",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:39.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20616 (GCVE-0-2021-20616)

    Vulnerability from cvelistv5 – Published: 2021-01-13 09:40 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.1.020.05b to Ver.16.001.01g
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/210112_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.1.020.05b to Ver.16.001.01g"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T09:40:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/210112_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.1.020.05b to Ver.16.001.01g"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/210112_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/210112_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN69635538/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20616",
        "datePublished": "2021-01-13T09:40:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5617 (GCVE-0-2020-5617)

    Vulnerability from cvelistv5 – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.12.200.12n to 15.210.05f
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:23.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/200803_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.12.200.12n to 15.210.05f"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-04T01:05:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/200803_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.12.200.12n to 15.210.05f"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/200803_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/200803_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN25422698/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5617",
        "datePublished": "2020-08-04T01:05:50.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:23.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7836 (GCVE-0-2016-7836)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote code execution
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.11.221.03 and earlier
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.skyseaclientview.net/news/161221/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.skygroup.jp/security-info/170308.html"
              },
              {
                "name": "JVN#84995847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
              },
              {
                "name": "95062",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95062"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7836",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T03:56:28.049245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:39.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-14T00:00:00.000Z",
                "value": "CVE-2016-7836 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.11.221.03 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.skyseaclientview.net/news/161221/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.skygroup.jp/security-info/170308.html"
            },
            {
              "name": "JVN#84995847",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
            },
            {
              "name": "95062",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.11.221.03 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.skyseaclientview.net/news/161221/",
                  "refsource": "CONFIRM",
                  "url": "http://www.skyseaclientview.net/news/161221/"
                },
                {
                  "name": "https://www.skygroup.jp/security-info/170308.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.skygroup.jp/security-info/170308.html"
                },
                {
                  "name": "JVN#84995847",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
                },
                {
                  "name": "95062",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7836",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:39.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }