CVE-2022-36344

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-36344
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN57073973/index.html Third Party Advisory
https://www.justsystems.com/jp/corporate/info/js22001.html Vendor Advisory
https://jvn.jp/en/jp/JVN57073973/index.html Third Party Advisory
https://www.justsystems.com/jp/corporate/info/js22001.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*
cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*
History

21 Nov 2024, 07:12

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN57073973/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN57073973/index.html - Third Party Advisory
References () https://www.justsystems.com/jp/corporate/info/js22001.html - Vendor Advisory () https://www.justsystems.com/jp/corporate/info/js22001.html - Vendor Advisory

23 Aug 2022, 16:02

Type Values Removed Values Added
References (MISC) https://www.justsystems.com/jp/corporate/info/js22001.html - (MISC) https://www.justsystems.com/jp/corporate/info/js22001.html - Vendor Advisory
References (MISC) https://jvn.jp/en/jp/JVN57073973/index.html - (MISC) https://jvn.jp/en/jp/JVN57073973/index.html - Third Party Advisory
CPE cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*
cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-428

16 Aug 2022, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-08-16 08:15

Updated : 2024-11-21 07:12

NVD link : CVE-2022-36344

Mitre link : CVE-2022-36344

CVE.ORG link : CVE-2022-36344

JSON object : View

Products Affected

justsystems

  • homepage_builder_21
  • just_pdf_5
  • atok_pro_4
  • just_smile_6
  • just_note_5
  • just_note_3
  • just_medical_2
  • hanako_pro_3
  • just_frontier_3
  • hanako_police_7
  • ichitaro_pro_5
  • hanako_police_5
  • just_medical_3
  • just_jump_class_2
  • just_school_7
  • just_police_4
  • just_medical_5
  • ichitaro_government_10
  • hanako_pro_4
  • hanako_pro_5
  • just_pdf_4
  • just_police_5
  • just_calc_5
  • ichitaro_government_8
  • just_medical_4
  • ichitaro_pro_4
  • ichitaro_government_9
  • just_government_4
  • just_office_3
  • atok_medical_2
  • just_police_3
  • just_smile_7
  • shuriken_pro_6
  • just_office_2
  • just_school_6
  • hanako_police_6
  • just_government_3
  • just_focus_4
  • just_police_2
  • just_government_2
  • just_smile_class_2
  • just_smile_8
  • just_jump_class
  • atok_medical_3
  • atok_pro_5
  • just_jump_8
  • just_office_4
  • just_calc_4
  • just_focus_3
  • shuriken_pro_7
  • homepage_builder_20
  • ichitaro_pro_3
  • just_pdf_3
  • tri-de_dataprotect
  • just_government_5
  • just_note_4
  • just_office_5
  • atok_pro_3
  • just_calc_3
  • homepage_builder_22
CWE
CWE-428

Unquoted Search Path or Element