CVE-2022-27176

14.06.2022, 09:15

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
jpcert	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 46%

Vendor	Product	Version
jscom	revoworks_browser	𝑥 < 2.2.69
jscom	revoworks_desktop	𝑥 < 2.1.85
jscom	revoworks_scvx	𝑥 < 1.0.44

𝑥

= Vulnerable software versions

References

https://jscom.jp/news-20220527/

https://jvn.jp/en/jp/JVN27256219/index.html

https://jscom.jp/news-20220527/

https://jvn.jp/en/jp/JVN27256219/index.html