Improper Access Control Vulnerability in SKYSEA Client View Could Lead to File Tampering and Code Execution
CVE-2024-21805

Currently unrated

Key Information:

Vendor: Sky Co.,ltd.
Status: Skysea Client View
Vendor: CVE Published:; 12 March 2024

🔔 Create Sky Co.,ltd. Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2024-21805?

Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.

Affected Version(s)

SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2

News Articles

はてなブログ

CVE-2024-24964 CVE-2024-21805

IT資産管理用ツール「SKYSEA Client View」に複数の脆弱性 - TT 脆弱性 Blog

【概要】公開日登録日 CVE番号 NVD ベンダー CVSS v3 CWE 脆弱性備考 2024/03/07 2024/02/27 CVE-2024-24964 NVD SKYSEA - - 2024/03/07 2024/02/27 CVE-2024-21805 NVD SKYSEA - - 【ニュース】 ◆IT資産管理用ツール「SKYSEA Client View」に複数の脆弱性 (Security NEXT, 2024/03/07) https://www.security-next.com/154608

References

https://www.skyseaclientview.net/news/240307_01/

https://jvn.jp/en/jp/JVN54451757/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by はてなブログ
Mar 13, 2024
Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 27, 2024

CVE-2024-21805 Data

JSON