Description
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
References (2)
Core 2
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN39280069/
Various Sources
https://jscom.jp/news-20240918/
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
7.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-863
Status
published
Products (1)
J’s Communication Co., Ltd./RevoWorks Cloud Client
3.0.91 and earlier
Published
Oct 01, 2024
Tracked Since
Feb 18, 2026