Search

Find a vulnerability

Search criteria

    3 vulnerabilities by WORKS MOBILE Japan Corp.

    CVE-2023-25953 (GCVE-0-2023-25953)

    Vulnerability from nvd – Published: 2023-05-23 00:00 – Updated: 2025-01-17 21:47
    VLAI
    Summary
    Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    WORKS MOBILE Japan Corp. Drive Explorer for macOS Affected: versions 3.5.4 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:39:06.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN01937209/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T21:46:03.724086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-17T21:47:04.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Drive Explorer for macOS",
              "vendor": "WORKS MOBILE Japan Corp.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.5.4 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-23T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN01937209/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-25953",
        "datePublished": "2023-05-23T00:00:00.000Z",
        "dateReserved": "2023-03-15T00:00:00.000Z",
        "dateUpdated": "2025-01-17T21:47:04.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25953 (GCVE-0-2023-25953)

    Vulnerability from cvelistv5 – Published: 2023-05-23 00:00 – Updated: 2025-01-17 21:47
    VLAI
    Summary
    Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    WORKS MOBILE Japan Corp. Drive Explorer for macOS Affected: versions 3.5.4 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:39:06.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN01937209/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 9,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25953",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T21:46:03.724086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-17T21:47:04.078Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Drive Explorer for macOS",
              "vendor": "WORKS MOBILE Japan Corp.",
              "versions": [
                {
                  "status": "affected",
                  "version": "versions 3.5.4 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-23T00:00:00.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN01937209/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-25953",
        "datePublished": "2023-05-23T00:00:00.000Z",
        "dateReserved": "2023-03-15T00:00:00.000Z",
        "dateUpdated": "2025-01-17T21:47:04.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-000041

    Vulnerability from jvndb - Published: 2023-05-08 15:16 - Updated:2024-05-23 17:03
    Severity
    Summary
    LINE WORKS Drive Explorer vulnerable to code injection
    Details
    LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability (CWE-94). Koh M. Nakagawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000041.html",
      "dc:date": "2024-05-23T17:03+09:00",
      "dcterms:issued": "2023-05-08T15:16+09:00",
      "dcterms:modified": "2024-05-23T17:03+09:00",
      "description": "LINE WORKS Drive Explorer provided by WORKS MOBILE Japan Corp. contains a code injection vulnerability (CWE-94).\r\n\r\nKoh M. Nakagawa reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000041.html",
      "sec:cpe": {
        "#text": "cpe:/a:worksmobile:drive_explorer",
        "@product": "Drive Explorer",
        "@vendor": "WORKS MOBILE Japan Corp.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.6",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
          "@version": "2.0"
        },
        {
          "@score": "9.0",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000041",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN01937209/index.html",
          "@id": "JVN#01937209",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25953",
          "@id": "CVE-2023-25953",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25953",
          "@id": "CVE-2023-25953",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        }
      ],
      "title": "LINE WORKS Drive Explorer vulnerable to code injection"
    }