Vulnerability Details : CVE-2022-27176
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
Products affected by CVE-2022-27176
- cpe:2.3:a:jscom:revoworks_browser:*:*:*:*:*:*:*:*
- cpe:2.3:a:jscom:revoworks_scvx:*:*:*:*:*:*:*:*
- cpe:2.3:a:jscom:revoworks_desktop:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-27176
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-27176
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2022-27176
-
https://jscom.jp/news-20220527/
【重要】RevoWorks製品におけるファイル無害化処理の脆弱性について | ジェイズ・コミュニケーションVendor Advisory
-
https://jvn.jp/en/jp/JVN27256219/index.html
JVN#27256219: RevoWorks incomplete filtering of MS Office v4 macrosThird Party Advisory
Jump to