All the vulnerabilites related to Sky Co., LTD. - SKYSEA Client View
cve-2021-20616
Vulnerability from cvelistv5
Published
2021-01-13 09:40
Modified
2024-08-03 17:45
Severity ?
Summary
Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.skyseaclientview.net/news/210112_01/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SKYSEA Client View",
          "vendor": "Sky Co., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.020.05b to Ver.16.001.01g"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Untrusted search path vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-13T09:40:36",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.skyseaclientview.net/news/210112_01/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SKYSEA Client View",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.1.020.05b to Ver.16.001.01g"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sky Co., LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.001.01g allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.skyseaclientview.net/news/210112_01/",
              "refsource": "MISC",
              "url": "https://www.skyseaclientview.net/news/210112_01/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN69635538/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN69635538/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20616",
    "datePublished": "2021-01-13T09:40:37",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:45:44.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-7836
Vulnerability from cvelistv5
Published
2017-06-09 16:00
Modified
2024-08-06 02:04
Severity ?
Summary
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
References
http://www.skyseaclientview.net/news/161221/x_refsource_CONFIRM
https://www.skygroup.jp/security-info/170308.htmlx_refsource_CONFIRM
https://jvn.jp/en/jp/JVN84995847/index.htmlthird-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/95062vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:04:56.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.skyseaclientview.net/news/161221/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.skygroup.jp/security-info/170308.html"
          },
          {
            "name": "JVN#84995847",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
          },
          {
            "name": "95062",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SKYSEA Client View",
          "vendor": "Sky Co., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.11.221.03 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2016-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-12T09:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.skyseaclientview.net/news/161221/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.skygroup.jp/security-info/170308.html"
        },
        {
          "name": "JVN#84995847",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
        },
        {
          "name": "95062",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-7836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SKYSEA Client View",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.11.221.03 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sky Co., LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.skyseaclientview.net/news/161221/",
              "refsource": "CONFIRM",
              "url": "http://www.skyseaclientview.net/news/161221/"
            },
            {
              "name": "https://www.skygroup.jp/security-info/170308.html",
              "refsource": "CONFIRM",
              "url": "https://www.skygroup.jp/security-info/170308.html"
            },
            {
              "name": "JVN#84995847",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN84995847/index.html"
            },
            {
              "name": "95062",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-7836",
    "datePublished": "2017-06-09T16:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:04:56.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5617
Vulnerability from cvelistv5
Published
2020-08-04 01:05
Modified
2024-08-04 08:39
Severity ?
Summary
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:23.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.skyseaclientview.net/news/200803_01/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SKYSEA Client View",
          "vendor": "Sky Co., LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.12.200.12n to 15.210.05f"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-04T01:05:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.skyseaclientview.net/news/200803_01/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SKYSEA Client View",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Ver.12.200.12n to 15.210.05f"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Sky Co., LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.skyseaclientview.net/news/200803_01/",
              "refsource": "MISC",
              "url": "https://www.skyseaclientview.net/news/200803_01/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN25422698/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN25422698/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5617",
    "datePublished": "2020-08-04T01:05:50",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:23.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2020-000052
Vulnerability from jvndb
Published
2020-08-03 14:59
Modified
2020-08-03 14:59
Severity ?
Summary
SKYSEA Client View vulnerable to privilege escalation
Details
SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268). Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
  "dc:date": "2020-08-03T14:59+09:00",
  "dcterms:issued": "2020-08-03T14:59+09:00",
  "dcterms:modified": "2020-08-03T14:59+09:00",
  "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains a privilege escalation vulnerability (CWE-268).\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000052.html",
  "sec:cpe": {
    "#text": "cpe:/a:skygroup:skysea_client_view",
    "@product": "SKYSEA Client View",
    "@vendor": "Sky Co., LTD.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000052",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN25422698/index.html",
      "@id": "JVN#25422698",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5617",
      "@id": "CVE-2020-5617",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5617",
      "@id": "CVE-2020-5617",
      "@source": "NVD"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2020/at200031.html",
      "@id": "JPCERT-AT-2020-0031",
      "@source": "JPCERT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "SKYSEA Client View vulnerable to privilege escalation"
}

jvndb-2024-000074
Vulnerability from jvndb
Published
2024-07-29 15:28
Modified
2024-07-31 14:12
Severity ?
Summary
Multiple vulnerabilities in SKYSEA Client View
Details
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. <ul> <li>Improper access control in the specific process (CWE-266) - CVE-2024-41139</li> <li>Origin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143</li> <li>Path traversal (CWE-22) - CVE-2024-41726</li> </ul> Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
  "dc:date": "2024-07-31T14:12+09:00",
  "dcterms:issued": "2024-07-29T15:28+09:00",
  "dcterms:modified": "2024-07-31T14:12+09:00",
  "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eImproper access control in the specific process (CWE-266) - CVE-2024-41139\u003c/li\u003e\r\n\u003cli\u003eOrigin validation error in shared memory data exchanges (CWE-346) - CVE-2024-41143\u003c/li\u003e\r\n\u003cli\u003ePath traversal (CWE-22) - CVE-2024-41726\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000074.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:skygroup:skysea_client_view",
      "@product": "SKYSEA Client View",
      "@vendor": "Sky Co., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:skygroup:skysea_client_view",
      "@product": "SKYSEA Client View",
      "@vendor": "Sky Co., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:skygroup:skysea_client_view",
      "@product": "SKYSEA Client View",
      "@vendor": "Sky Co., LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000074",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN84326763/index.html",
      "@id": "JVN#84326763",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41139",
      "@id": "CVE-2024-41139",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41143",
      "@id": "CVE-2024-41143",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-41726",
      "@id": "CVE-2024-41726",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in SKYSEA Client View"
}

jvndb-2021-000003
Vulnerability from jvndb
Published
2021-01-12 15:53
Modified
2021-01-12 15:53
Severity ?
Summary
The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries
Details
SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. The installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). shogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
  "dc:date": "2021-01-12T15:53+09:00",
  "dcterms:issued": "2021-01-12T15:53+09:00",
  "dcterms:modified": "2021-01-12T15:53+09:00",
  "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool.\r\nThe installer of SKYSEA Client View contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nshogo kumamaru of LAC Co.,Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000003.html",
  "sec:cpe": {
    "#text": "cpe:/a:skygroup:skysea_client_view",
    "@product": "SKYSEA Client View",
    "@vendor": "Sky Co., LTD.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000003",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN69635538/index.html",
      "@id": "JVN#69635538",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20616",
      "@id": "CVE-2021-20616",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20616",
      "@id": "CVE-2021-20616",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installer of SKYSEA Client View may insecurely load Dynamic Link Libraries"
}

jvndb-2024-000028
Vulnerability from jvndb
Published
2024-03-07 16:09
Modified
2024-07-29 18:13
Severity ?
Summary
Multiple vulnerabilities in SKYSEA Client View
Details
SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View contains multiple vulnerabilities listed below. * Improper access control in the specific folder (CWE-276) - CVE-2024-21805 * Improper access control in the resident process (CWE-749) - CVE-2024-24964 CVE-2024-21805 Ken Kitahara of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-24964 Ruslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
  "dc:date": "2024-07-29T18:13+09:00",
  "dcterms:issued": "2024-03-07T16:09+09:00",
  "dcterms:modified": "2024-07-29T18:13+09:00",
  "description": "SKYSEA Client View provided by Sky Co.,LTD. is an Enterprise IT Asset Management Tool.\r\nSKYSEA Client View contains multiple vulnerabilities listed below.\r\n\r\n  * Improper access control in the specific folder (CWE-276) - CVE-2024-21805\r\n  * Improper access control in the resident process (CWE-749) - CVE-2024-24964\r\n\r\nCVE-2024-21805\r\nKen Kitahara of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-24964\r\nRuslan Sayfiev, and Denis Faiustov of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Sky Co.,LTD. and coordinated. Sky Co.,LTD. and JPCERT/CC published respective advisories in order to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000028.html",
  "sec:cpe": {
    "#text": "cpe:/a:skygroup:skysea_client_view",
    "@product": "SKYSEA Client View",
    "@vendor": "Sky Co., LTD.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2024-000028",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN54451757/index.html",
      "@id": "JVN#54451757",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21805",
      "@id": "CVE-2024-21805",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-24964",
      "@id": "CVE-2024-24964",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Multiple vulnerabilities in SKYSEA Client View"
}

jvndb-2016-000249
Vulnerability from jvndb
Published
2016-12-22 14:26
Modified
2017-11-27 16:53
Severity ?
Summary
SKYSEA Client View vulnerable to arbitrary code execution
Details
SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC. Attacks exploiting this vulnerability have been observed in the wild. Sky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
  "dc:date": "2017-11-27T16:53+09:00",
  "dcterms:issued": "2016-12-22T14:26+09:00",
  "dcterms:modified": "2017-11-27T16:53+09:00",
  "description": "SKYSEA Client View provided by Sky Co., LTD. is an Enterprise IT Asset Management Tool. SKYSEA Client View agent program contains an issue in processing authentication on the TCP communication with the management console program, which allows an attacker to execute an arbitrary code on the client PC.\r\n\r\nAttacks exploiting this vulnerability have been observed in the wild.\r\n\r\nSky Co., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Sky Co., LTD. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000249.html",
  "sec:cpe": {
    "#text": "cpe:/a:skygroup:skysea_client_view",
    "@product": "SKYSEA Client View",
    "@vendor": "Sky Co., LTD.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "10.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000249",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN84995847/index.html",
      "@id": "JVN#84995847",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7836",
      "@id": "CVE-2016-7836",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7836",
      "@id": "CVE-2016-7836",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20161222-jvn.html",
      "@id": "Security Alert for Vulnerability in SKYSEA Client View (JVN#84995847",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.jpcert.or.jp/at/2016/at160051.html",
      "@id": "JPCERT-AT-2016-0051",
      "@source": "JPCERT"
    },
    {
      "#text": "https://www.npa.go.jp/cyberpolice/detect/pdf/20161222.pdf",
      "@id": "Security Alert for Vulnerability in SKYSEA Client View",
      "@source": "AT-POLICE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "SKYSEA Client View vulnerable to arbitrary code execution"
}