Cyber Resilience

CVE-2022-27176

High

Published: 14 June 2022

Published
14 June 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0022 44.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-27176 is a high-severity an unspecified weakness vulnerability in Jscom Revoworks Browser. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 44.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization…

more

Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

jscom
revoworks browser
≤ 2.2.69
jscom
revoworks desktop
≤ 2.1.85
jscom
revoworks scvx
≤ 1.0.44

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References