CVE-2016-7843
Published on: 04/28/2017 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:07 PM UTC
Certain versions of Attachecase For Java from Hibara Software contain the following vulnerability:
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.
- CVE-2016-7843 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
MaruUo Factory - AttacheCase for Java version Ver0.60 and earlier
- Affected Vendor/Software:
MaruUo Factory - AttacheCase Lite version Ver1.4.6 and earlier
- Affected Vendor/Software:
MaruUo Factory - AttacheCase Pro version Ver1.5.7 and earlier
CVSS3 Score: 5.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
LOCAL | LOW | NONE | REQUIRED | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | NONE | HIGH | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Multiple AttacheCase Products CVE-2016-7843 Directory Traversal Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
JVN#28331227: MaruUo Factory's multiple AttacheCase products vulnerable to directory traversal | Third Party Advisory VDB Entry jvn.jp text/xml |
![]() |
アタッシェケース for Java | Third Party Advisory maruuofactory.life.coocan.jp text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Hibara Software | Attachecase For Java | All | All | All | All |
Application | Hibara Software | Attachecase Lite | All | All | All | All |
Application | Hibara Software | Attachecase Pro | All | All | All | All |
- cpe:2.3:a:hibara_software:attachecase_for_java:*:*:*:*:*:*:*:*:
- cpe:2.3:a:hibara_software:attachecase_lite:*:*:*:*:*:*:*:*:
- cpe:2.3:a:hibara_software:attachecase_pro:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE