cnvd - cnvd-2017-09823

cnvd-2017-09823

Vulnerability from cnvd

Title

ATLA Installer of electronic tendering and bid opening system远程代码执行漏洞

Description

Acquisition, Technology & Logistics Agency（ATLA）Installer of electronic tendering and bid opening system是日本Acquisition, Technology & Logistics Agency（ATLA）公司的一款电子投标和开标系统安装程序。 ATLA Installer of electronic tendering and bid opening system中存在安全漏洞。攻击者可利用该漏洞执行任意代码。

Severity

中

Patch Name

ATLA Installer of electronic tendering and bid opening system远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html

Reference

http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000100.html

Impacted products

Name
Acquisition, Technology and Logistics Agency Installer of electronic tendering and bid opening system

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98725"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2178"
    }
  },
  "description": "Acquisition, Technology \u0026 Logistics Agency\uff08ATLA\uff09Installer of electronic tendering and bid opening system\u662f\u65e5\u672cAcquisition, Technology \u0026 Logistics Agency\uff08ATLA\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7535\u5b50\u6295\u6807\u548c\u5f00\u6807\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nATLA Installer of electronic tendering and bid opening system\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Eili Masami of Tachibana Lab.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-09823",
  "openTime": "2017-06-15",
  "patchDescription": "Acquisition, Technology \u0026 Logistics Agency\uff08ATLA\uff09Installer of electronic tendering and bid opening system\u662f\u65e5\u672cAcquisition, Technology \u0026 Logistics Agency\uff08ATLA\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7535\u5b50\u6295\u6807\u548c\u5f00\u6807\u7cfb\u7edf\u5b89\u88c5\u7a0b\u5e8f\u3002\r\n\r\nATLA Installer of electronic tendering and bid opening system\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ATLA Installer of electronic tendering and bid opening system\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Acquisition, Technology and Logistics Agency Installer of electronic tendering and bid opening system"
  },
  "referenceLink": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000100.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-27",
  "title": "ATLA Installer of electronic tendering and bid opening system\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-2178 (GCVE-0-2017-2178)

Vulnerability from cvelistv5

Published

2017-06-09 16:00

Modified

2024-08-05 13:48

Severity ?

CWE

Untrusted search path vulnerability

Summary

Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References

URL

Tags

	http://jvn.jp/en/jp/JVN75514460/index.html	third-party-advisory, x_refsource_JVN
	http://www.securityfocus.com/bid/98725	vdb-entry, x_refsource_BID
	http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html	x_refsource_CONFIRM