Vulnerability Description
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jscom | Revoworks Browser | < 2.2.69 |
| Jscom | Revoworks Desktop | < 2.1.85 |
| Jscom | Revoworks Scvx | < 1.0.44 |
References
- https://jscom.jp/news-20220527/Vendor Advisory
- https://jvn.jp/en/jp/JVN27256219/index.htmlThird Party Advisory
- https://jscom.jp/news-20220527/Vendor Advisory
- https://jvn.jp/en/jp/JVN27256219/index.htmlThird Party Advisory
FAQ
What is CVE-2022-27176?
CVE-2022-27176 is a vulnerability with a CVSS score of 7.8 (HIGH). Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'Fil...
How severe is CVE-2022-27176?
CVE-2022-27176 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27176?
Check the references section above for vendor advisories and patch information. Affected products include: Jscom Revoworks Browser, Jscom Revoworks Desktop, Jscom Revoworks Scvx.