Vulnerability Description
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skygroup | Skysea Client View | >= 16.100.06f, < 19.300.09h |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN54451757/Third Party Advisory
- https://www.skyseaclientview.net/news/240307_01/Vendor Advisory
- https://jvn.jp/en/jp/JVN54451757/Third Party Advisory
- https://www.skyseaclientview.net/news/240307_01/Vendor Advisory
FAQ
What is CVE-2024-21805?
CVE-2024-21805 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be place...
How severe is CVE-2024-21805?
CVE-2024-21805 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21805?
Check the references section above for vendor advisories and patch information. Affected products include: Skygroup Skysea Client View.