FKIE_CVE-2026-27776

Vulnerability from fkie_nvd - Published: 2026-02-27 08:17 - Updated: 2026-03-23 14:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege.
References
vultures@jpcert.or.jphttps://global.intra-mart.support/hc/en-us/articles/55266898383641Vendor Advisory
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN80500630/Third Party Advisory
Impacted products
Vendor Product Version
intra-mart accel_platform 8.0.4
intra-mart accel_platform 8.0.5
intra-mart accel_platform 8.0.6
intra-mart accel_platform 8.0.7
intra-mart accel_platform 8.0.8
intra-mart accel_platform 8.0.9
intra-mart accel_platform 8.0.10
intra-mart accel_platform 8.0.11
intra-mart accel_platform 8.0.12
intra-mart accel_platform 8.0.13
intra-mart accel_platform 8.0.14
intra-mart accel_platform 8.0.15
intra-mart accel_platform 8.0.16
intra-mart accel_platform 8.0.17
intra-mart accel_platform 8.0.19
intra-mart accel_platform 8.0.20
intra-mart accel_platform 8.0.21
intra-mart accel_platform 8.0.22
intra-mart accel_platform 8.0.23
intra-mart accel_platform 8.0.24
intra-mart accel_platform 8.0.25
intra-mart accel_platform 8.0.26
intra-mart accel_platform 8.0.27
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "89F16356-1DDC-4B0E-A3BD-D6E28FFD05A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "411AC706-E6E8-43CB-B306-2843FF30EF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "E28D8EF5-B2AE-4059-9938-E50D8561C4D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "EC5C891F-D7DD-4114-A41E-F5BE6C090862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.8:-:*:*:*:*:*:*",
              "matchCriteriaId": "3C042BF5-B682-49B1-B55A-747FD8E404F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.9:-:*:*:*:*:*:*",
              "matchCriteriaId": "0144B6BE-5B86-40E8-B271-6400C8DA10AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.10:-:*:*:*:*:*:*",
              "matchCriteriaId": "E7139EEC-BA08-4A35-8757-88DA39DD3FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.11:-:*:*:*:*:*:*",
              "matchCriteriaId": "DD886B62-7059-436D-B694-3BB5BA52F9A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.12:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7E58764-9A88-4922-BD2F-23BB958C10C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.13:-:*:*:*:*:*:*",
              "matchCriteriaId": "015F17DC-934C-4BB2-BD46-19DEED7EE505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.14:-:*:*:*:*:*:*",
              "matchCriteriaId": "08F5637C-5BAD-45B4-8A9E-B785DB0E6876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "A4B2E864-E7A1-440C-999A-4D0960AA7314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.16:-:*:*:*:*:*:*",
              "matchCriteriaId": "DC4462C2-897E-4AFA-97AB-21C7985896E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.17:-:*:*:*:*:*:*",
              "matchCriteriaId": "59B3CAB0-13AF-4CF4-A953-3FEFECF74DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.19:-:*:*:*:*:*:*",
              "matchCriteriaId": "B6AD9220-23CA-410E-804D-BED13FDA10BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.20:-:*:*:*:*:*:*",
              "matchCriteriaId": "9347A2F6-6649-48A7-A96C-B8F92C60198A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.21:-:*:*:*:*:*:*",
              "matchCriteriaId": "1BED774C-CF35-43C5-BECB-E87F0EF12500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.22:-:*:*:*:*:*:*",
              "matchCriteriaId": "2BA7CEA2-94C8-409D-AE35-D57EBF3968D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.23:-:*:*:*:*:*:*",
              "matchCriteriaId": "D3730474-4CD9-44D5-B500-D63D45702193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.24:-:*:*:*:*:*:*",
              "matchCriteriaId": "2632CAB9-A0F0-4CB3-A0D5-42D2A8F6FEE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.25:-:*:*:*:*:*:*",
              "matchCriteriaId": "4266B4E3-7796-448A-9F98-75480C23EB93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.26:-:*:*:*:*:*:*",
              "matchCriteriaId": "6B0F52F4-F4FC-47F7-9252-9A2D16ACD0BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intra-mart:accel_platform:8.0.27:-:*:*:*:*:*:*",
              "matchCriteriaId": "9F4FAEDE-4933-45A1-8F55-E6CC71969AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IM-LogicDesigner module of intra-mart Accel Platform contains insecure deserialization issue. This can be exploited only when IM-LogicDesigner is deployed on the system. Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo IM-LogicDesigner de intra-mart Accel Platform contiene un problema de deserializaci\u00f3n insegura. Esto puede ser explotado solo cuando IM-LogicDesigner est\u00e1 desplegado en el sistema. Se puede ejecutar c\u00f3digo arbitrario cuando se importa alg\u00fan archivo manipulado por un usuario con privilegios de administrador."
    }
  ],
  "id": "CVE-2026-27776",
  "lastModified": "2026-03-23T14:21:07.567",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-27T08:17:09.850",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://global.intra-mart.support/hc/en-us/articles/55266898383641"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN80500630/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.