JVN#63376363
SKYSEA Client View and SKYMEC IT Manager improper file access permission settings
Overview
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configures the installation folder with improper file access permission settings.
Products Affected
- SKYSEA Client View Ver.21.200.07j and earlier
- SKYMEC IT Manager Ver.2024.005.10a and earlier
Description
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools.
SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability.
- Incorrect default permissions in the installation folder (CWE-276)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2026-39454
Impact
A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product.
As a result, arbitrary code may be executed with the administrative privilege.
Solution
Update the Software or Apply the patches
Update the software to the latest version or apply the patches according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Sky Co.,LTD. | [Important] Improper file access permission settings (CVE-2026-39454) (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Takashi Matsumoto of NEC Corporation reported this vulnerability to Sky Co.,LTD. and coordinated. After the coordination was completed, Sky Co.,LTD. reported the case to JPCERT/CC to notify users of the solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-39454 |
| JVN iPedia |
JVNDB-2026-000051 |