Search

Find a vulnerability

Search criteria

    18 vulnerabilities by Sky Co., LTD.

    JVNDB-2026-000051

    Vulnerability from jvndb - Published: 2026-04-20 14:47 - Updated:2026-04-20 14:47
    Severity
    Summary
    SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
    Details
    SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.
    • Incorrect default permissions in the installation folder (CWE-276) - CVE-2026-39454
    Takashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000051.html",
      "dc:date": "2026-04-20T14:47+09:00",
      "dcterms:issued": "2026-04-20T14:47+09:00",
      "dcterms:modified": "2026-04-20T14:47+09:00",
      "description": "SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools.\r\nSKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/276.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eIncorrect default permissions in the installation folder (CWE-276) - CVE-2026-39454\u003c/li\u003e\u003c/ul\u003eTakashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000051.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skygroup:skymec_it_manager",
          "@product": "SKYMEC IT Manager",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000051",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN63376363/index.html",
          "@id": "JVN#63376363",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-39454",
          "@id": "CVE-2026-39454",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SKYSEA Client View and SKYMEC IT Manager improper file access permission settings"
    }

    JVNDB-2024-000077

    Vulnerability from jvndb - Published: 2024-07-30 16:40 - Updated:2024-07-30 16:40
    Severity
    Summary
    FFRI AMC vulnerable to OS command injection
    Details
    FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability (CWE-78). It is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style. FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000077.html",
      "dc:date": "2024-07-30T16:40+09:00",
      "dcterms:issued": "2024-07-30T16:40+09:00",
      "dcterms:modified": "2024-07-30T16:40+09:00",
      "description": "FFRI AMC provided by FFRI Security, Inc. is a management console for the endpoint security product FFRI yarai and ActSecure X.\r\nFFRI AMC contains an OS command injection vulnerability (CWE-78).\r\nIt is exploitable when the notification program setting is enabled, the executable file path is configured with a batch file (.bat) or command file (.cmd), and the file is written in a certain style.\r\n\r\nFFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000077.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ffri:ffri_amc",
          "@product": "FFRI AMC",
          "@vendor": "FFRI Security, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:ffri_amc",
          "@product": "FFRI AMC for ActSecure X",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:edr_plus_pack",
          "@product": "EDR Pluspack",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.1",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000077",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN26734798/index.html",
          "@id": "JVN#26734798",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40895",
          "@id": "CVE-2024-40895",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "FFRI AMC vulnerable to OS command injection"
    }

    JVNDB-2024-000074

    Vulnerability from jvndb - Published: 2024-07-29 15:28 - Updated:2024-07-31 14:12
    Severity
    Summary
    Multiple vulnerabilities in SKYSEA Client View
    Details
    SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below.
    • Improper access control in the specific process (CWE-266) - CVE-2024-41139
    • Origin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143
    • Path traversal (CWE-22) - CVE-2024-41726
    Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
      "dc:date": "2024-07-31T14:12+09:00",
      "dcterms:issued": "2024-07-29T15:28+09:00",
      "dcterms:modified": "2024-07-31T14:12+09:00",
      "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eImproper access control in the specific process (CWE-266) - CVE-2024-41139\u003c/li\u003e\r\n\u003cli\u003eOrigin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2024-41726\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:skysea_client_view",
          "@product": "SKYSEA Client View",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000074",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN84326763/index.html",
          "@id": "JVN#84326763",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41139",
          "@id": "CVE-2024-41139",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41143",
          "@id": "CVE-2024-41143",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41726",
          "@id": "CVE-2024-41726",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in SKYSEA Client View"
    }

    JVNDB-2024-000028

    Vulnerability from jvndb - Published: 2024-03-07 16:09 - Updated:2024-07-29 18:13
    Severity
    Summary
    Multiple vulnerabilities in SKYSEA Client View
    Details
    SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. * Improper access control in the specific folder (CWE-276) - CVE-2024-21805 * Improper access control in the resident process (CWE-749) - CVE-2024-24964 CVE-2024-21805 Ken Kitahara of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-24964 Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
      "dc:date": "2024-07-29T18:13+09:00",
      "dcterms:issued": "2024-03-07T16:09+09:00",
      "dcterms:modified": "2024-07-29T18:13+09:00",
      "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\r\n  * Improper access control in the specific folder (CWE-276) - CVE-2024-21805\r\n  * Improper access control in the resident process (CWE-749) - CVE-2024-24964\r\n\r\nCVE-2024-21805\r\nKen Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-24964\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000028",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54451757/index.html",
          "@id": "JVN#54451757",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21805",
          "@id": "CVE-2024-21805",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-24964",
          "@id": "CVE-2024-24964",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Multiple vulnerabilities in SKYSEA Client View"
    }

    JVNDB-2023-000080

    Vulnerability from jvndb - Published: 2023-08-07 17:39 - Updated:2024-03-28 17:54
    Severity
    Summary
    "FFRI yarai" and "FFRI yarai Home and Business Edition" handle exceptional conditions improperly
    Details
    "FFRI yarai" and "FFRI yarai Home and Business Edition" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703). When the product's Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working. FFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000080.html",
      "dc:date": "2024-03-28T17:54+09:00",
      "dcterms:issued": "2023-08-07T17:39+09:00",
      "dcterms:modified": "2024-03-28T17:54+09:00",
      "description": "\"FFRI yarai\" and \"FFRI yarai Home and Business Edition\" provided by FFRI Security, Inc. handle exceptional conditions improperly (CWE-703).\r\nWhen the product\u0027s Windows Defender management feature is enabled, and Microsoft Defender detects some files matching specific conditions as a threat, the affected product may fail to handle this situation properly and stop working.\r\n\r\nFFRI Security, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and FFRI Security, Inc. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000080.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:ffri:ffri_yarai",
          "@product": "FFRI yarai",
          "@vendor": "FFRI Security, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:nec:actsecure_x_managed_security_service",
          "@product": "ActSecure X",
          "@vendor": "NEC Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:edr_plus_pack",
          "@product": "EDR Pluspack",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:skygroup:edr_plus_pack_cloud",
          "@product": "EDR Pluspack Cloud",
          "@vendor": "Sky Co., LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:soliton:infotrace_mark_ii_malware_protection",
          "@product": "InfoTrace Mark II",
          "@vendor": "Soliton Systems K.K.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:soliton:zerona",
          "@product": "Zerona",
          "@vendor": "Soliton Systems K.K.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:soliton:zerona_plus",
          "@product": "Zerona PLUS Anti-malware",
          "@vendor": "Soliton Systems K.K.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sourcenext:dual_safe",
          "@product": "Double Protection Powered by FFRI yarai",
          "@vendor": "SOURCENEXT CORPORATION",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000080",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN42527152/index.html",
          "@id": "JVN#42527152",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39341",
          "@id": "CVE-2023-39341",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39341",
          "@id": "CVE-2023-39341",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "\"FFRI yarai\" and \"FFRI yarai Home and Business Edition\" handle exceptional conditions improperly"
    }

    JVNDB-2021-000003

    Vulnerability from jvndb - Published: 2021-01-12 15:53 - Updated:2021-01-12 15:53
    Severity
    Summary
    The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). shogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
      "dc:date": "2021-01-12T15:53+09:00",
      "dcterms:issued": "2021-01-12T15:53+09:00",
      "dcterms:modified": "2021-01-12T15:53+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool.\r\nThe installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nshogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000003",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN69635538/index.html",
          "@id": "JVN#69635538",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20616",
          "@id": "CVE-2021-20616",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20616",
          "@id": "CVE-2021-20616",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2020-000052

    Vulnerability from jvndb - Published: 2020-08-03 14:59 - Updated:2020-08-03 14:59
    Severity
    Summary
    SKYSEA Client View vulnerable to privilege escalation
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268). Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
      "dc:date": "2020-08-03T14:59+09:00",
      "dcterms:issued": "2020-08-03T14:59+09:00",
      "dcterms:modified": "2020-08-03T14:59+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268).\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2020-000052",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN25422698/index.html",
          "@id": "JVN#25422698",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5617",
          "@id": "CVE-2020-5617",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5617",
          "@id": "CVE-2020-5617",
          "@source": "NVD"
        },
        {
          "#text": "https://www.jpcert.or.jp/english/at/2020/at200031.html",
          "@id": "JPCERT-AT-2020-0031",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "SKYSEA Client View vulnerable to privilege escalation"
    }

    JVNDB-2016-000249

    Vulnerability from jvndb - Published: 2016-12-22 14:26 - Updated:2017-11-27 16:53
    Severity
    Summary
    SKYSEA Client View vulnerable to arbitrary code execution
    Details
    SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC. Attacks exploiting this vulnerability have been observed in the wild. Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
      "dc:date": "2017-11-27T16:53+09:00",
      "dcterms:issued": "2016-12-22T14:26+09:00",
      "dcterms:modified": "2017-11-27T16:53+09:00",
      "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC.\r\n\r\nAttacks exploiting this vulnerability have been observed in the wild.\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
      "sec:cpe": {
        "#text": "cpe:/a:skygroup:skysea_client_view",
        "@product": "SKYSEA Client View",
        "@vendor": "Sky Co., LTD.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "10.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000249",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN84995847/index.html",
          "@id": "JVN#84995847",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7836",
          "@id": "CVE-2016-7836",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7836",
          "@id": "CVE-2016-7836",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/security/ciadr/vul/20161222-jvn.html",
          "@id": "Security Alert for Vulnerability in SKYSEA Client View (JVN#84995847",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.jpcert.or.jp/at/2016/at160051.html",
          "@id": "JPCERT-AT-2016-0051",
          "@source": "JPCERT"
        },
        {
          "#text": "https://www.npa.go.jp/cyberpolice/detect/pdf/20161222.pdf",
          "@id": "Security Alert for Vulnerability in SKYSEA Client View",
          "@source": "AT-POLICE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-noinfo",
          "@title": "No Mapping(CWE-noinfo)"
        }
      ],
      "title": "SKYSEA Client View vulnerable to arbitrary code execution"
    }

    CVE-2024-40895 (GCVE-0-2024-40895)

    Vulnerability from nvd – Published: 2024-07-30 08:37 – Updated: 2024-08-02 04:39
    VLAI
    Summary
    FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FFRI Security, Inc. FFRI AMC Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    NEC Corporation FFRI AMC for ActSecure χ Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    Sky Co., Ltd. EDR Plus Pack Affected: Bundled FFRI AMC versions 3.4.0 to 3.5.3
    Create a notification for this product.
    ffri ffri_amc Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack_cloud Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ffri_amc",
                "vendor": "ffri",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack_cloud",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:27.684515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:31:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:39:55.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/240729_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN26734798/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI AMC",
              "vendor": "FFRI Security, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "FFRI AMC for ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI AMC versions 3.4.0 to 3.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T08:37:07.607Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
            },
            {
              "url": "https://www.skyseaclientview.net/news/240729_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26734798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40895",
        "datePublished": "2024-07-30T08:37:07.607Z",
        "dateReserved": "2024-07-12T03:00:58.480Z",
        "dateUpdated": "2024-08-02T04:39:55.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39341 (GCVE-0-2023-39341)

    Vulnerability from nvd – Published: 2023-08-09 02:42 – Updated: 2024-10-17 14:20
    VLAI
    Summary
    "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper check or handling of exceptional conditions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/security-info/index.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcenext.com/support/i/2023/230718_01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/230807_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN42527152/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:20:33.187569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:20:49.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI yarai",
              "vendor": "FFRI Security, Inc. ",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "FFRI yarai Home and Business Edition",
              "vendor": "FFRI Security, Inc. ",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.4.0"
                }
              ]
            },
            {
              "product": "InfoTrace Mark II Malware Protection (Mark II Zerona)",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.0.1 to 3.2.2"
                }
              ]
            },
            {
              "product": "Zerona / Zerona PLUS",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": " versions 3.2.32 to 3.2.36"
                }
              ]
            },
            {
              "product": "ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "Dual Safe Powered by FFRI yarai",
              "vendor": "SOURCENEXT CORPORATION ",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.4.1"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "EDR Plus Pack Cloud",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper check or handling of exceptional conditions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T02:42:51.631Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/security-info/index.htm"
            },
            {
              "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
            },
            {
              "url": "https://www.sourcenext.com/support/i/2023/230718_01"
            },
            {
              "url": "https://www.skyseaclientview.net/news/230807_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN42527152/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39341",
        "datePublished": "2023-08-09T02:42:51.631Z",
        "dateReserved": "2023-07-28T09:52:26.677Z",
        "dateUpdated": "2024-10-17T14:20:49.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20616 (GCVE-0-2021-20616)

    Vulnerability from nvd – Published: 2021-01-13 09:40 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.1.020.05b to Ver.16.001.01g
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/210112_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.1.020.05b to Ver.16.001.01g"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T09:40:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/210112_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.1.020.05b to Ver.16.001.01g"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/210112_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/210112_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN69635538/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20616",
        "datePublished": "2021-01-13T09:40:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5617 (GCVE-0-2020-5617)

    Vulnerability from nvd – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.12.200.12n to 15.210.05f
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:23.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/200803_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.12.200.12n to 15.210.05f"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-04T01:05:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/200803_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.12.200.12n to 15.210.05f"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/200803_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/200803_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN25422698/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5617",
        "datePublished": "2020-08-04T01:05:50.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:23.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7836 (GCVE-0-2016-7836)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote code execution
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.11.221.03 and earlier
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.skyseaclientview.net/news/161221/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.skygroup.jp/security-info/170308.html"
              },
              {
                "name": "JVN#84995847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
              },
              {
                "name": "95062",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95062"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7836",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T03:56:28.049245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:39.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-14T00:00:00.000Z",
                "value": "CVE-2016-7836 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.11.221.03 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.skyseaclientview.net/news/161221/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.skygroup.jp/security-info/170308.html"
            },
            {
              "name": "JVN#84995847",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
            },
            {
              "name": "95062",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.11.221.03 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.skyseaclientview.net/news/161221/",
                  "refsource": "CONFIRM",
                  "url": "http://www.skyseaclientview.net/news/161221/"
                },
                {
                  "name": "https://www.skygroup.jp/security-info/170308.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.skygroup.jp/security-info/170308.html"
                },
                {
                  "name": "JVN#84995847",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
                },
                {
                  "name": "95062",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7836",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:39.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-40895 (GCVE-0-2024-40895)

    Vulnerability from cvelistv5 – Published: 2024-07-30 08:37 – Updated: 2024-08-02 04:39
    VLAI
    Summary
    FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    FFRI Security, Inc. FFRI AMC Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    NEC Corporation FFRI AMC for ActSecure χ Affected: 3.4.0 to 3.5.3
    Create a notification for this product.
    Sky Co., Ltd. EDR Plus Pack Affected: Bundled FFRI AMC versions 3.4.0 to 3.5.3
    Create a notification for this product.
    ffri ffri_amc Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    skygroup edr_plus_pack_cloud Affected: 3.4.0 , < 3.5.3 (custom)
        cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ffri:ffri_amc:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ffri_amc",
                "vendor": "ffri",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:skygroup:edr_plus_pack_cloud:3.4.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edr_plus_pack_cloud",
                "vendor": "skygroup",
                "versions": [
                  {
                    "lessThan": "3.5.3",
                    "status": "affected",
                    "version": "3.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-30T14:16:27.684515Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:31:56.655Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:39:55.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/240729_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN26734798/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI AMC",
              "vendor": "FFRI Security, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "FFRI AMC for ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.4.0 to 3.5.3"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI AMC versions 3.4.0 to 3.5.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the executable file path is set to a batch file (.bat) or command file (.cmd) extension."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-30T08:37:07.607Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/assets/files/other_docs/20240729.pdf"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109694"
            },
            {
              "url": "https://www.skyseaclientview.net/news/240729_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN26734798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40895",
        "datePublished": "2024-07-30T08:37:07.607Z",
        "dateReserved": "2024-07-12T03:00:58.480Z",
        "dateUpdated": "2024-08-02T04:39:55.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39341 (GCVE-0-2023-39341)

    Vulnerability from cvelistv5 – Published: 2023-08-09 02:42 – Updated: 2024-10-17 14:20
    VLAI
    Summary
    "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper check or handling of exceptional conditions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:02:06.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.ffri.jp/security-info/index.htm"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sourcenext.com/support/i/2023/230718_01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/230807_01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN42527152/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39341",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:20:33.187569Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:20:49.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFRI yarai",
              "vendor": "FFRI Security, Inc. ",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "FFRI yarai Home and Business Edition",
              "vendor": "FFRI Security, Inc. ",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.4.0"
                }
              ]
            },
            {
              "product": "InfoTrace Mark II Malware Protection (Mark II Zerona)",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.0.1 to 3.2.2"
                }
              ]
            },
            {
              "product": "Zerona / Zerona PLUS",
              "vendor": "Soliton Systems K.K.",
              "versions": [
                {
                  "status": "affected",
                  "version": " versions 3.2.32 to 3.2.36"
                }
              ]
            },
            {
              "product": "ActSecure \u03c7",
              "vendor": "NEC Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "Dual Safe Powered by FFRI yarai",
              "vendor": "SOURCENEXT CORPORATION ",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 1.4.1"
                }
              ]
            },
            {
              "product": "EDR Plus Pack",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            },
            {
              "product": "EDR Plus Pack Cloud",
              "vendor": "Sky Co., Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure \u03c7 versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper check or handling of exceptional conditions",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-09T02:42:51.631Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ffri.jp/security-info/index.htm"
            },
            {
              "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html"
            },
            {
              "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240"
            },
            {
              "url": "https://www.sourcenext.com/support/i/2023/230718_01"
            },
            {
              "url": "https://www.skyseaclientview.net/news/230807_01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN42527152/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39341",
        "datePublished": "2023-08-09T02:42:51.631Z",
        "dateReserved": "2023-07-28T09:52:26.677Z",
        "dateUpdated": "2024-10-17T14:20:49.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20616 (GCVE-0-2021-20616)

    Vulnerability from cvelistv5 – Published: 2021-01-13 09:40 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Severity
    No CVSS data available.
    CWE
    • Untrusted search path vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.1.020.05b to Ver.16.001.01g
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.726Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/210112_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.1.020.05b to Ver.16.001.01g"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted search path vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T09:40:36.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/210112_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.1.020.05b to Ver.16.001.01g"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted search path vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/210112_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/210112_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN69635538/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20616",
        "datePublished": "2021-01-13T09:40:37.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5617 (GCVE-0-2020-5617)

    Vulnerability from cvelistv5 – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
    VLAI
    Summary
    Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.12.200.12n to 15.210.05f
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:39:23.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.skyseaclientview.net/news/200803_01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.12.200.12n to 15.210.05f"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-04T01:05:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.skyseaclientview.net/news/200803_01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2020-5617",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.12.200.12n to 15.210.05f"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.skyseaclientview.net/news/200803_01/",
                  "refsource": "MISC",
                  "url": "https://www.skyseaclientview.net/news/200803_01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN25422698/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2020-5617",
        "datePublished": "2020-08-04T01:05:50.000Z",
        "dateReserved": "2020-01-06T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:39:23.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7836 (GCVE-0-2016-7836)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote code execution
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Sky Co., LTD. SKYSEA Client View Affected: Ver.11.221.03 and earlier
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.skyseaclientview.net/news/161221/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.skygroup.jp/security-info/170308.html"
              },
              {
                "name": "JVN#84995847",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
              },
              {
                "name": "95062",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95062"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-7836",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T03:56:28.049245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-10-14",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:39.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-10-14T00:00:00.000Z",
                "value": "CVE-2016-7836 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SKYSEA Client View",
              "vendor": "Sky Co., LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Ver.11.221.03 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.skyseaclientview.net/news/161221/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.skygroup.jp/security-info/170308.html"
            },
            {
              "name": "JVN#84995847",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
            },
            {
              "name": "95062",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95062"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SKYSEA Client View",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Ver.11.221.03 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sky Co., LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.skyseaclientview.net/news/161221/",
                  "refsource": "CONFIRM",
                  "url": "http://www.skyseaclientview.net/news/161221/"
                },
                {
                  "name": "https://www.skygroup.jp/security-info/170308.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.skygroup.jp/security-info/170308.html"
                },
                {
                  "name": "JVN#84995847",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
                },
                {
                  "name": "95062",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95062"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7836",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:39.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }