Incorrect Authorization Vulnerability in RevoWorks Cloud Client Could Allow Unintended Process Execution
CVE-2024-47560

7.8HIGH

Key Information:

Vendor: J’s Communication Co., Ltd.
Status: Revoworks Cloud Client
Vendor: CVE Published:; 1 October 2024

🔔 Create J’s Communication Co., Ltd. Vulnerability Alert

What is CVE-2024-47560?

The RevoWorks Cloud Client prior to version 3.0.91 is susceptible to an incorrect authorization issue that may permit unintended processes to execute within the sandbox environment. While the execution of such processes does not affect the local system environment, it raises significant security concerns regarding potential exposure of sensitive information stored within the sandbox. Additionally, there is a risk that the integrity of the sandbox environment could be compromised through methods such as registry tampering, which further emphasizes the need for immediate attention to this vulnerability.

Affected Version(s)

RevoWorks Cloud Client 3.0.91 and earlier

References

https://jscom.jp/news-20240918/

https://jvn.jp/en/jp/JVN39280069/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2024

CVE-2024-47560 Data

JSON