CVE-2024-47560 HIGH

CVE-2024-47560

Vendor J’s Communication Co., Ltd.

Product RevoWorks Cloud Client

Weakness CWE-863 · Incorrect authorization

Published October 1, 2024

Last update October 1, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the client's local environment. However, information in the sandbox environment may be disclosed to outside or behaviors of the sandbox environment may be violated by tampering registry.

Key dates

02Disclosure timeline

October 1, 2024 CVE published

October 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-47560

Related vulnerabilities

Identifiers

CVE CVE-2024-47560

CWE CWE-863

CVSS 7.8 / HIGH

Affected versions