Published:2026/03/26  Last Updated:2026/03/26

JVN#08057419
Multiple vulnerabilities in the installer of RATOC RAID Monitoring Manager for Windows

Overview

The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains multiple vulnerabilities.

Products Affected

  • RATOC RAID Monitoring Manager for Windows versions prior to 2.00.009.260220

Description

The installer of RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. contains the vulnerabilities listed below.

  • Uncontrolled search path element (CWE-427)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
    • CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2026-28760
  • Incorrect default permissions (CWE-276)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
    • CVE-2026-32680

Impact

  • If a user is directed to place a crafted DLL alongside the installer, arbitrary code may be executed with administrator privileges (CVE-2026-28760)
  • If the installation folder is changed to a non-default one, the folder may be left with insecure ACLs that allow non-administrative users to alter its contents. This may allow a non-administrative user to execute arbitrary code with SYSTEM privileges (CVE-2026-32680)
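
A check for the CVE-2026-32680 condition on an already installed system, as an added example that is not part of the advisory or the developer's tooling: it lists allow-ACEs on a folder that grant write-class rights to anyone outside a trusted set, and warns when the folder owner is outside that set. The `-Path` argument is the site's own customized installation folder (the advisory does not name one), and the trusted-SID list is an assumption to adjust locally.

```powershell
# Added example: audit a customized installation folder for ACLs that let
# non-administrative principals alter its contents.
param(
    [Parameter(Mandatory)]
    [string]$Path   # site-specific install folder; not given in the advisory
)

# Specific rights that permit changing contents, deleting, or rewriting the ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs may carry generic bits instead: GENERIC_ALL | GENERIC_WRITE.
$genericMask = 0x50000000

# Principals expected to hold write access (assumption: adjust for your environment).
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl     = Get-Acl -LiteralPath $Path

# An owner outside the trusted set can rewrite the ACL regardless of its ACEs.
$ownerSid = $acl.GetOwner($sidType).Value
if ($trusted -notcontains $ownerSid) {
    Write-Warning "Owner $ownerSid of '$Path' is not in the trusted set."
}

# Explicit and inherited rules, with identities returned as SIDs.
$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Value
    if ($trusted -contains $sid) { continue }
    $rights = [int]$ace.FileSystemRights
    if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { '(unresolved)' }
        [pscustomobject]@{
            Account   = $name
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) { Write-Warning "Write-capable ACEs for untrusted principals on '$Path':" }
$findings
```

An empty result with no warnings means only the trusted principals can modify the folder itself; files and subfolders with their own explicit ACLs need the same check.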

Solution

Update the Software
Update RATOC RAID Monitoring Manager for Windows to the latest version.
For more details, refer to the information provided by the developer.

References

  1. Japan Vulnerability Notes JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

  • CVE: CVE-2026-28760, CVE-2026-32680
  • JVN iPedia: JVNDB-2026-000044