CVE-2022-36344

Published Aug 16, 2022
Last updated 2 years ago
CVSS critical 9.8
Overview

Description: An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.
Source: vultures@jpcert.or.jp
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Weaknesses

nvd@nist.gov: CWE-428
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBEAEFCB-0736-49F7-84BD-28EFDC2A1B51"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC35F9A9-C574-41F6-92D9-21DF4778FA86"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "114490A2-2519-4B52-8EBF-3205B43BEFE3"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4F9F0F1-D994-49B6-BFB8-1BE988C34A52"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57AF9B76-BF5D-488C-BFD5-579F45FAEC49"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93422705-9E8B-458C-BD72-E82A8A3C0EFF"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5FF3254-6391-4794-8B2F-732E670DA678"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B4854A7-28DA-4672-BEBF-1ECF36D5EB86"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "700BCC03-72E5-47B8-930C-0AECC317A678"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CB51BFD-02E3-47AF-B7E5-79CE0976C27E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9A4C395-A976-4F95-94A6-BCE5E8C9CCFD"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C65FF377-C51D-4174-95E5-E7160DB1A00D"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE5C321-5252-45DC-9B10-492064226821"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBAA0571-93AA-4C4C-8384-813F3210A3F7"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C541F4FC-DC18-40C2-AC6E-F75BC2263229"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DF2A4C2-ACC8-48A3-BAD0-F69039F2146C"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FE45593-9017-4672-A9BF-8A1407527357"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AADBDD8-139A-4BB4-BE7A-A196ECD1A654"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E219D80-8644-42C8-BB17-FFEBA9C21B9E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "255EDA85-DC90-4EA3-AD75-6A6689546CA5"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7520C861-914D-4A5B-BCAA-915EC8A3AB49"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4B44FE5-FA7A-429E-829D-8665B410B82B"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34657EE8-1D20-442C-9BB8-79629F49E16B"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69D92070-76F9-4C48-AF8E-05EE8217DFB8"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A47BAC-EA81-42ED-942F-C74088122838"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F2CE912-BD2E-4695-BBA5-896629AA8DF7"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4CBEAD9-4C99-413B-B86A-55F36B215113"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49902F6-5022-41D7-998E-8576BFD0A6EE"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "515D8382-6FAC-4C35-9808-A11AAB0D8C11"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18193350-CFAB-4B10-B780-E37850E84B7E"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE561614-8D25-4DB9-A9DC-181CF89E2053"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "805F0FC4-99DE-4632-97C6-AE8A5D0682A7"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A9730B3-CCA6-4E1C-85E0-AEE81E726573"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62597837-8FFB-4751-9FFD-D3B92BF1D63B"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "496E0528-FFBB-4093-B1D2-00BFF043328C"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21F72319-48C2-4C15-BC62-FD915FB7B9F6"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF722D18-413B-4B71-91B2-2BFF4BE5D948"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B3FDA20-FEF9-4B55-92D9-1771C985112C"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "283E5EF3-85B4-4C6B-A66C-942B09A0B578"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAE8EF38-8E7F-4EA0-9B3F-23D92E252324"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F2FD3B-757A-4FBD-9C0A-C71F60BC4CB1"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42BABB84-A671-43B2-A318-914AF524AC36"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28B47EB7-4D3D-4699-B50A-9315D3EC7860"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EF577E-2E78-491D-AD89-5653FBCEC882"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "071CC61D-BE9B-43FA-8634-F575BAC03A5C"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7B8F588-4330-4824-9110-06C1F8B9B940"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCF334E4-9B44-4B17-9A9B-D3275D838905"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9BAF18F-249C-40A8-AB11-F8923693CAC9"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BF24ADD-AB6F-41C1-840E-3762DEA568A6"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B3AB93-B50E-4039-936D-7FCE01721546"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C96D8CFF-16AC-4108-B80F-F6D8E62288C1"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "977D9558-0027-40E6-A0C3-9111778C9D22"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3660905-7806-419A-AA02-9C4C996261A4"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A9C3D7C-ABD8-41A2-A8DD-F779FC2491B4"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCBA3971-6F84-4C55-8D2D-F88C522838F8"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7173644D-36CE-436D-8CCC-AAB639752891"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD5603C6-F40A-4C1E-BE21-5B795B290446"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E4E275-8B0A-4246-B18C-443A43A4D95F"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21C2845-08A6-47AC-BF04-661EFD6496DD"
          },
          {
            "criteria": "cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA45543-4571-46DC-B7DC-998622269E17"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
