Access Control Flaw in RevoWorks Browser by JSCom
CVE-2021-20791

9.3CRITICAL

Key Information:

Vendor: J’s Communication Co., Ltd.
Status: Revoworks Browser
Vendor: CVE Published:; 17 September 2021

🔔 Create J’s Communication Co., Ltd. Vulnerability Alert

What is CVE-2021-20791?

An improper access control flaw in RevoWorks Browser version 2.1.230 and earlier enables attackers to circumvent access restrictions. This vulnerability permits unauthorized file exchanges between the local environment and the isolated settings of the web browser, thus potentially compromising sensitive data and increasing the risk of other attacks. Attackers may exploit unspecified vectors to gain access, highlighting the importance of maintaining updated software and implementing robust security measures.

Affected Version(s)

RevoWorks Browser 2.1.230 and earlier

References

https://jscom.jp/news-20210910_2/

x_refsource_MISC

https://jvn.jp/en/jp/JVN81658818/index.html

x_refsource_MISC

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2021
Vulnerability Reserved
Dec 17, 2020

CVE-2021-20791 Data

JSON