JVN#39280069
RevoWorks Cloud vulnerable to unintended process execution
Overview
RevoWorks Cloud provided by J’s Communication Co., Ltd. contains an unintended process execution vulnerability.
Products Affected
- RevoWorks Cloud Client 3.0.91 and earlier
Description
RevoWorks Cloud provided by J’s Communication Co., Ltd. is software to build a sandbox environment isolated from a client's local environment. In the sandbox environment, the product provides the function enabling execution of web browsers and detection and blocking of unauthorized processes. However, a defect in this function was found which fails to detect unauthorized processes (CWE-863).
Impact
Unintended processes may be executed in the sandbox environment.
Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.
Solution
Update RevoWorks Cloud Client
Update RevoWorks Cloud Client to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| J’s Communication Co., Ltd. | Allows unintended process execution vulnerability in RevoWorks Cloud (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
J’s Communication Co., Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and J’s Communication Co., Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-47560 |
| JVN iPedia |
JVNDB-2024-000107 |