CVE-2022-36344
Summary
| CVE | CVE-2022-36344 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-16 08:15:00 UTC |
| Updated | 2022-08-23 16:02:00 UTC |
| Description | An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. |
Risk And Classification
Problem Types: CWE-428
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Justsystems | Atok Medical 2 | All | All | All | All |
| Application | Justsystems | Atok Medical 3 | All | All | All | All |
| Application | Justsystems | Atok Pro 3 | All | All | All | All |
| Application | Justsystems | Atok Pro 4 | All | All | All | All |
| Application | Justsystems | Atok Pro 5 | All | All | All | All |
| Application | Justsystems | Hanako Police 5 | All | All | All | All |
| Application | Justsystems | Hanako Police 6 | All | All | All | All |
| Application | Justsystems | Hanako Police 7 | All | All | All | All |
| Application | Justsystems | Hanako Pro 3 | All | All | All | All |
| Application | Justsystems | Hanako Pro 4 | All | All | All | All |
| Application | Justsystems | Hanako Pro 5 | All | All | All | All |
| Application | Justsystems | Homepage Builder 20 | All | All | All | All |
| Application | Justsystems | Homepage Builder 21 | All | All | All | All |
| Application | Justsystems | Homepage Builder 22 | All | All | All | All |
| Application | Justsystems | Ichitaro Government 10 | All | All | All | All |
| Application | Justsystems | Ichitaro Government 8 | - | All | All | All |
| Application | Justsystems | Ichitaro Government 9 | All | All | All | All |
| Application | Justsystems | Ichitaro Pro 3 | All | All | All | All |
| Application | Justsystems | Ichitaro Pro 4 | All | All | All | All |
| Application | Justsystems | Ichitaro Pro 5 | All | All | All | All |
| Application | Justsystems | Just Calc 3 | All | All | All | All |
| Application | Justsystems | Just Calc 4 | All | All | All | All |
| Application | Justsystems | Just Calc 5 | All | All | All | All |
| Application | Justsystems | Just Focus 3 | All | All | All | All |
| Application | Justsystems | Just Focus 4 | All | All | All | All |
| Application | Justsystems | Just Frontier 3 | All | All | All | All |
| Application | Justsystems | Just Government 2 | All | All | All | All |
| Application | Justsystems | Just Government 3 | All | All | All | All |
| Application | Justsystems | Just Government 4 | All | All | All | All |
| Application | Justsystems | Just Government 5 | All | All | All | All |
| Application | Justsystems | Just Jump 8 | All | All | All | All |
| Application | Justsystems | Just Jump Class | All | All | All | All |
| Application | Justsystems | Just Jump Class 2 | All | All | All | All |
| Application | Justsystems | Just Medical 2 | All | All | All | All |
| Application | Justsystems | Just Medical 3 | All | All | All | All |
| Application | Justsystems | Just Medical 4 | All | All | All | All |
| Application | Justsystems | Just Medical 5 | All | All | All | All |
| Application | Justsystems | Just Note 3 | All | All | All | All |
| Application | Justsystems | Just Note 4 | All | All | All | All |
| Application | Justsystems | Just Note 5 | All | All | All | All |
| Application | Justsystems | Just Office 2 | All | All | All | All |
| Application | Justsystems | Just Office 3 | All | All | All | All |
| Application | Justsystems | Just Office 4 | All | All | All | All |
| Application | Justsystems | Just Office 5 | All | All | All | All |
| Application | Justsystems | Just Pdf 3 | All | All | All | All |
| Application | Justsystems | Just Pdf 4 | All | All | All | All |
| Application | Justsystems | Just Pdf 5 | All | All | All | All |
| Application | Justsystems | Just Pdf 5 | All | All | All | All |
| Application | Justsystems | Just Police 2 | All | All | All | All |
| Application | Justsystems | Just Police 3 | All | All | All | All |
| Application | Justsystems | Just Police 4 | All | All | All | All |
| Application | Justsystems | Just Police 5 | All | All | All | All |
| Application | Justsystems | Just School 6 | All | All | All | All |
| Application | Justsystems | Just School 7 | All | All | All | All |
| Application | Justsystems | Just Smile 6 | All | All | All | All |
| Application | Justsystems | Just Smile 7 | All | All | All | All |
| Application | Justsystems | Just Smile 8 | All | All | All | All |
| Application | Justsystems | Just Smile Class 2 | All | All | All | All |
| Application | Justsystems | Shuriken Pro 6 | All | All | All | All |
| Application | Justsystems | Shuriken Pro 7 | All | All | All | All |
| Application | Justsystems | Tri-de Dataprotect | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| JVN#57073973: "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path | MISC | jvn.jp | |
| [JS22001]ライセンス商品に添付のオンラインアップデート機能の脆弱性対策 | お知らせ | ジャストシステム | MISC | www.justsystems.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.