Search

Find a vulnerability

Search criteria

    10 vulnerabilities by J’s Communication Co., Ltd.

    CVE-2025-26698 (GCVE-0-2025-26698)

    Vulnerability from nvd – Published: 2025-02-26 08:42 – Updated: 2025-02-26 15:32
    VLAI
    Summary
    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect resource transfer between spheres
    Assigner
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks SCVX Affected: 4.0.234 and earlier 4 series versions
    Affected: 5.0.7 and earlier 5 series versions
    Create a notification for this product.
    J’s Communication Co., Ltd. RevoWorks Browser Affected: 2.2.100 and earlier 2 series versions
    Affected: 3.0.1 and earlier 3 series versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:46:43.527797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T15:32:14.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks SCVX",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.234 and earlier 4 series versions"
                },
                {
                  "status": "affected",
                  "version": "5.0.7 and earlier 5 series versions"
                }
              ]
            },
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.100 and earlier 2 series versions"
                },
                {
                  "status": "affected",
                  "version": "3.0.1 and earlier 3 series versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "Incorrect resource transfer between spheres",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-26T08:42:53.924Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jscom.jp/news-20250217/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN91300609/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26698",
        "datePublished": "2025-02-26T08:42:53.924Z",
        "dateReserved": "2025-02-14T04:32:33.696Z",
        "dateUpdated": "2025-02-26T15:32:14.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47560 (GCVE-0-2024-47560)

    Vulnerability from nvd – Published: 2024-10-01 01:00 – Updated: 2024-10-01 14:13
    VLAI
    Summary
    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect authorization
    Assigner
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks Cloud Client Affected: 3.0.91 and earlier
    Create a notification for this product.
    jscom revoworks_cloud_client Affected: 0 , < 3.0.91 (custom)
        cpe:2.3:a:jscom:revoworks_cloud_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jscom:revoworks_cloud_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revoworks_cloud_client",
                "vendor": "jscom",
                "versions": [
                  {
                    "lessThan": "3.0.91",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47560",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T14:10:49.540532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T14:13:05.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Cloud Client",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.91 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client\u0027s local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T01:00:23.083Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jscom.jp/news-20240918/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39280069/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47560",
        "datePublished": "2024-10-01T01:00:23.083Z",
        "dateReserved": "2024-09-27T02:31:41.840Z",
        "dateUpdated": "2024-10-01T14:13:05.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27176 (GCVE-0-2022-27176)

    Vulnerability from nvd – Published: 2022-06-14 07:05 – Updated: 2024-08-03 05:25
    VLAI
    Summary
    Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
    Severity
    No CVSS data available.
    CWE
    • Incomplete Filtering of Special Elements
    Assigner
    References
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks SCVX, RevoWorks Browser, and RevoWorks Affected: RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option')
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:31.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20220527/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete Filtering of Special Elements",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-14T07:05:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20220527/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-27176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete Filtering of Special Elements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20220527/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20220527/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN27256219/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-27176",
        "datePublished": "2022-06-14T07:05:36.000Z",
        "dateReserved": "2022-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:31.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20791 (GCVE-0-2021-20791)

    Vulnerability from nvd – Published: 2021-09-17 01:40 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20210910_2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.230 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T01:40:24.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20210910_2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.230 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20210910_2/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20210910_2/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81658818/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20791",
        "datePublished": "2021-09-17T01:40:25.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20790 (GCVE-0-2021-20790)

    Vulnerability from nvd – Published: 2021-09-17 01:40 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Process Control
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20210910_2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.230 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Process Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T01:40:23.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20210910_2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.230 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Process Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20210910_2/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20210910_2/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81658818/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20790",
        "datePublished": "2021-09-17T01:40:23.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-26698 (GCVE-0-2025-26698)

    Vulnerability from cvelistv5 – Published: 2025-02-26 08:42 – Updated: 2025-02-26 15:32
    VLAI
    Summary
    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-669 - Incorrect resource transfer between spheres
    Assigner
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks SCVX Affected: 4.0.234 and earlier 4 series versions
    Affected: 5.0.7 and earlier 5 series versions
    Create a notification for this product.
    J’s Communication Co., Ltd. RevoWorks Browser Affected: 2.2.100 and earlier 2 series versions
    Affected: 3.0.1 and earlier 3 series versions
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26698",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:46:43.527797Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T15:32:14.346Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks SCVX",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0.234 and earlier 4 series versions"
                },
                {
                  "status": "affected",
                  "version": "5.0.7 and earlier 5 series versions"
                }
              ]
            },
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.2.100 and earlier 2 series versions"
                },
                {
                  "status": "affected",
                  "version": "3.0.1 and earlier 3 series versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "Incorrect resource transfer between spheres",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-26T08:42:53.924Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jscom.jp/news-20250217/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN91300609/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-26698",
        "datePublished": "2025-02-26T08:42:53.924Z",
        "dateReserved": "2025-02-14T04:32:33.696Z",
        "dateUpdated": "2025-02-26T15:32:14.346Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47560 (GCVE-0-2024-47560)

    Vulnerability from cvelistv5 – Published: 2024-10-01 01:00 – Updated: 2024-10-01 14:13
    VLAI
    Summary
    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect authorization
    Assigner
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks Cloud Client Affected: 3.0.91 and earlier
    Create a notification for this product.
    jscom revoworks_cloud_client Affected: 0 , < 3.0.91 (custom)
        cpe:2.3:a:jscom:revoworks_cloud_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jscom:revoworks_cloud_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "revoworks_cloud_client",
                "vendor": "jscom",
                "versions": [
                  {
                    "lessThan": "3.0.91",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47560",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T14:10:49.540532Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T14:13:05.394Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Cloud Client",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0.91 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client\u0027s local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect authorization",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-01T01:00:23.083Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://jscom.jp/news-20240918/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39280069/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-47560",
        "datePublished": "2024-10-01T01:00:23.083Z",
        "dateReserved": "2024-09-27T02:31:41.840Z",
        "dateUpdated": "2024-10-01T14:13:05.394Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27176 (GCVE-0-2022-27176)

    Vulnerability from cvelistv5 – Published: 2022-06-14 07:05 – Updated: 2024-08-03 05:25
    VLAI
    Summary
    Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
    Severity
    No CVSS data available.
    CWE
    • Incomplete Filtering of Special Elements
    Assigner
    References
    Impacted products
    Vendor Product Version
    J’s Communication Co., Ltd. RevoWorks SCVX, RevoWorks Browser, and RevoWorks Affected: RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option')
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:31.007Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20220527/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incomplete Filtering of Special Elements",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-14T07:05:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20220527/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-27176",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks SCVX, RevoWorks Browser, and RevoWorks",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using \u0027File Sanitization Library\u0027 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using \u0027File Sanitization Option\u0027), and RevoWorks Desktop 2.1.84 and prior versions (when using \u0027File Sanitization Option\u0027), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incomplete Filtering of Special Elements"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20220527/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20220527/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN27256219/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN27256219/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-27176",
        "datePublished": "2022-06-14T07:05:36.000Z",
        "dateReserved": "2022-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:25:31.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20791 (GCVE-0-2021-20791)

    Vulnerability from cvelistv5 – Published: 2021-09-17 01:40 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20210910_2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.230 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T01:40:24.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20210910_2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20791",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.230 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20210910_2/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20210910_2/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81658818/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20791",
        "datePublished": "2021-09-17T01:40:25.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20790 (GCVE-0-2021-20790)

    Vulnerability from cvelistv5 – Published: 2021-09-17 01:40 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Process Control
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jscom.jp/news-20210910_2/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RevoWorks Browser",
              "vendor": "J\u2019s Communication Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.230 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Process Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-17T01:40:23.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jscom.jp/news-20210910_2/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20790",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RevoWorks Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.230 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "J\u2019s Communication Co., Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Process Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jscom.jp/news-20210910_2/",
                  "refsource": "MISC",
                  "url": "https://jscom.jp/news-20210910_2/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN81658818/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN81658818/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20790",
        "datePublished": "2021-09-17T01:40:23.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }