Vulnerability Description
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Justsystems | Hanako | 2015 |
| Justsystems | Hanako Police | 5 |
| Justsystems | Hanako Pro | 3 |
| Justsystems | Just Frontier | 3 |
| Justsystems | Just Government | 3 |
| Justsystems | Just Jump Class | 2 |
| Justsystems | Just Office | 3 |
| Justsystems | Just Police | 3 |
| Justsystems | Just School | 6 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN54268888/index.htmlThird Party AdvisoryVDB Entry
- https://www.justsystems.com/jp/info/js17002.htmlVendor Advisory
- https://jvn.jp/en/jp/JVN54268888/index.htmlThird Party AdvisoryVDB Entry
- https://www.justsystems.com/jp/info/js17002.htmlVendor Advisory
FAQ
What is CVE-2017-2154?
CVE-2017-2154 is a vulnerability with a CVSS score of 7.8 (HIGH). Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUS...
How severe is CVE-2017-2154?
CVE-2017-2154 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2154?
Check the references section above for vendor advisories and patch information. Affected products include: Justsystems Hanako, Justsystems Hanako Police, Justsystems Hanako Pro, Justsystems Just Frontier, Justsystems Just Government.