CVE-2024-47560

{"id": "CVE-2024-47560", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-01T02:15:10.143", "references": [{"url": "https://jscom.jp/news-20240918/", "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN39280069/", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry."}, {"lang": "es", "value": "RevoWorks Cloud Client 3.0.91 y versiones anteriores contienen una vulnerabilidad de autorizaci\u00f3n incorrecta. Si se explota esta vulnerabilidad, se pueden ejecutar procesos no deseados en el entorno de la sandbox. Incluso si se ejecuta malware en el entorno de la sandbox, no compromete el entorno local del cliente. Sin embargo, la informaci\u00f3n del entorno de la sandbox puede divulgarse al exterior o se pueden violar los comportamientos del entorno de la sandbox mediante la manipulaci\u00f3n del registro."}], "lastModified": "2024-10-04T13:51:25.567", "sourceIdentifier": "vultures@jpcert.or.jp"}