JVN#80500630
IM-LogicDesigner module of intra-mart Accel Platform vulnerable to untrusted data deserialization
Overview
IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains an untrusted data deserialization vulnerability.
Products Affected
- intra-mart Accel Platform 2017 Spring (8.0.4) through 2025 Autumn (8.0.27)
- Accel-Mart Plus (including intra-mart Accel Platform)
- Accel-Mart Quick
- DPS for Sales Cloud
Description
IM-LogicDesigner module of intra-mart Accel Platform provided by NTT DATA INTRAMART Corporation contains the following vulnerability.
- Untrusted data deserialization (CWE-502)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2026-27776
- This can be exploited only when IM-LogicDesigner is deployed
Impact
Arbitrary code may be executed when some crafted file is imported by a user with the administrative privilege.
Solution
Apply the Patch
Apply the patch according to the information provided by the developer.
For Accel-Mart Quick and DPS for Sales Cloud, the patches are applied on February, 2026.
For more details, refer to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| NTT DATA INTRAMART Corporation | Vulnerable | 2026/02/27 | NTT DATA INTRAMART Corporation website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Masataka Sagami reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-27776 |
| JVN iPedia |
JVNDB-2026-000030 |