An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Justsystems
  • Atok Medical 2
  • Atok Medical 3
  • Atok Pro 3
  • Atok Pro 4
  • Atok Pro 5
  • Hanako Police 5
  • Hanako Police 6
  • Hanako Police 7
  • Hanako Pro 3
  • Hanako Pro 4
  • Hanako Pro 5
  • Homepage Builder 20
  • Homepage Builder 21
  • Homepage Builder 22
  • Ichitaro Government 10
  • Ichitaro Government 8
  • Ichitaro Government 9
  • Ichitaro Pro 3
  • Ichitaro Pro 4
  • Ichitaro Pro 5
  • Just Calc 3
  • Just Calc 4
  • Just Calc 5
  • Just Focus 3
  • Just Focus 4
  • Just Frontier 3
  • Just Government 2
  • Just Government 3
  • Just Government 4
  • Just Government 5
  • Just Jump 8
  • Just Jump Class
  • Just Jump Class 2
  • Just Medical 2
  • Just Medical 3
  • Just Medical 4
  • Just Medical 5
  • Just Note 3
  • Just Note 4
  • Just Note 5
  • Just Office 2
  • Just Office 3
  • Just Office 4
  • Just Office 5
  • Just Pdf 3
  • Just Pdf 4
  • Just Pdf 5
  • Just Police 2
  • Just Police 3
  • Just Police 4
  • Just Police 5
  • Just School 6
  • Just School 7
  • Just Smile 6
  • Just Smile 7
  • Just Smile 8
  • Just Smile Class 2
  • Shuriken Pro 6
  • Shuriken Pro 7
  • Tri-de Dataprotect

Configuration 1 [-]

OR cpe:2.3:a:justsystems:atok_medical_2:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_medical_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_3:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_4:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:atok_pro_5:*:*:*:*:*:windows:*:*
cpe:2.3:a:justsystems:hanako_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_police_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:hanako_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_20:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_21:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:homepage_builder_22:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_10:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_government_9:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:ichitaro_pro_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_calc_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_focus_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_frontier_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_government_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_jump_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_medical_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_note_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_office_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_pdf_5:*:*:*:*:pro:*:*:*
cpe:2.3:a:justsystems:just_police_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_3:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_4:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_police_5:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_school_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_8:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:just_smile_class_2:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_6:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:shuriken_pro_7:*:*:*:*:*:*:*:*
cpe:2.3:a:justsystems:tri-de_dataprotect:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://jvn.jp/en/jp/JVN57073973/index.html cve-icon cve-icon
https://www.justsystems.com/jp/corporate/info/js22001.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-08-16T07:03:05

Updated: 2024-08-03T10:00:04.308Z

Reserved: 2022-07-22T00:00:00

Link: CVE-2022-36344

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-08-16T08:15:09.157

Modified: 2022-08-23T16:02:22.877

Link: CVE-2022-36344

cve-icon Redhat

No data.