CVE-2022-27176
Last modified
CVE-2022-27176 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jscom | Revoworks Browser | < 2.2.69 |
| Jscom | Revoworks Desktop | < 2.1.85 |
| Jscom | Revoworks Scvx | < 1.0.44 |
References
- https://jscom.jp/news-20220527/Vendor Advisory
- https://jvn.jp/en/jp/JVN27256219/index.htmlThird Party Advisory
- https://jscom.jp/news-20220527/Vendor Advisory
- https://jvn.jp/en/jp/JVN27256219/index.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-27176?
How severe is CVE-2022-27176?
How do I fix CVE-2022-27176?
Are you affected by CVE-2022-27176?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST