Published:2026/03/09  Last Updated:2026/03/09

JVN#17307628
Improper file access permission settings in multiple Digital Arts products

Overview

Multiple products provided by Digital Arts Inc. are configured with an improper file access permission settings.

Products Affected

  • For Digital Arts Inc.
    • i-フィルター 10 (Windows version only) versions prior to Ver.10.02.00
    • i-フィルター 6.0 versions prior to Ver.6.00.57
    • i-フィルター for ネットカフェ versions prior to Ver.6.10.57
    • i-フィルター for マルチデバイス (Windows version only) versions prior to Ver.6.00.57
    • i-フィルター for ZAQ (Windows version only) versions prior to Ver.6.00.57
    • i-フィルター for プロバイダー versions prior to Ver.2.00.30
    • i-FILTER ブラウザー&クラウド MultiAgent for Windows versions prior to Ver.4.93R13
    • DigitalArts@Cloud Agent (for Windows) versions prior to Ver.1.70R01
Note:
i-フィルター is only available in Japan and is a different product to Digital Arts Inc.’s i-FILTER, which has the same pronunciation. This vulnerability does not affect Digital Arts’ i-FILTER.
 
  • For OPTiM Corporation
    • Optimal Biz Web Filtering Powered by i-FILTER (Windows version) versions prior to 4.93R13
  • For Inventit Inc.
    • MobiConnect i-FILTER Browser Option MultiAgent for Windows versions prior to Ver.4.93R13
  • For Fujitsu Limited
    • i-FILTER Browser & Cloud MultiAgent for Windows versions prior to Ver.4.93R13

Description

Multiple products provided by Digital Arts Inc. contains the following vulnerability.

  • Incorrect default permissions (CWE-276)
    • CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 6.8
    • CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Base Score 5.5
    • CVE-2026-28267

Impact

Files may be created or overwritten in the system directory or backup directory by a non-administrative user.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor Link
Digital Arts Inc. For consumers: Important Notice|Notice Regarding Vulnerabilities in Our Security Products (Text in Japanese, PDF)
For business: Important Notice|Notice Regarding Vulnerabilities in Our Security Products (Text in Japanese, PDF)
OPTiM Corporation OPTiM BizManagement site: List of related services (Text in Japanese, Refer to the related services for your product after logging in)
Inventit Inc. mobiconnect FILTER browser options (Text in Japanese, login required)
Fujitsu Limited 4.93R13 (Released March 9, 2026) (Text in Japanese, login required)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2026-28267
JVN iPedia JVNDB-2026-000036

Update History

2026/03/09
Fixed typo under the section [Products Affected]