All the vulnerabilites related to J’s Communication Co., Ltd. - RevoWorks Browser
cve-2021-20791
Vulnerability from cvelistv5
Published
2021-09-17 01:40
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jscom.jp/news-20210910_2/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN81658818/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks Browser |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.1.230 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T01:40:24",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RevoWorks Browser",
"version": {
"version_data": [
{
"version_value": "2.1.230 and earlier"
}
]
}
}
]
},
"vendor_name": "J\u2019s Communication Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jscom.jp/news-20210910_2/",
"refsource": "MISC",
"url": "https://jscom.jp/news-20210910_2/"
},
{
"name": "https://jvn.jp/en/jp/JVN81658818/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20791",
"datePublished": "2021-09-17T01:40:25",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20790
Vulnerability from cvelistv5
Published
2021-09-17 01:40
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://jscom.jp/news-20210910_2/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN81658818/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| J’s Communication Co., Ltd. | RevoWorks Browser |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.1.230 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Process Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T01:40:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jscom.jp/news-20210910_2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RevoWorks Browser",
"version": {
"version_data": [
{
"version_value": "2.1.230 and earlier"
}
]
}
}
]
},
"vendor_name": "J\u2019s Communication Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jscom.jp/news-20210910_2/",
"refsource": "MISC",
"url": "https://jscom.jp/news-20210910_2/"
},
{
"name": "https://jvn.jp/en/jp/JVN81658818/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN81658818/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20790",
"datePublished": "2021-09-17T01:40:23",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-26698
Vulnerability from cvelistv5
Published
2025-02-26 08:42
Modified
2025-02-26 15:32
Severity ?
EPSS score ?
Summary
Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-26698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:46:43.527797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:32:14.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RevoWorks SCVX",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "4.0.234 and earlier 4 series versions"
},
{
"status": "affected",
"version": "5.0.7 and earlier 5 series versions"
}
]
},
{
"product": "RevoWorks Browser",
"vendor": "J\u2019s Communication Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "2.2.100 and earlier 2 series versions"
},
{
"status": "affected",
"version": "3.0.1 and earlier 3 series versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "Incorrect resource transfer between spheres",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T08:42:53.924Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jscom.jp/news-20250217/"
},
{
"url": "https://jvn.jp/en/jp/JVN91300609/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-26698",
"datePublished": "2025-02-26T08:42:53.924Z",
"dateReserved": "2025-02-14T04:32:33.696Z",
"dateUpdated": "2025-02-26T15:32:14.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}