Cyber Resilience

CVE-2022-36344

Critical

Published: 16 August 2022

Modified: 21 November 2024
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0071 (72.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-36344 is a critical-severity Unquoted Search Path or Element (CWE-428) vulnerability in JustSystems JUST PDF 5. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 27.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

justsystems atok medical 2: all versions
justsystems atok medical 3: all versions
justsystems atok pro 3: all versions
justsystems atok pro 4: all versions
justsystems atok pro 5: all versions
justsystems hanako police 5: all versions
justsystems hanako police 6: all versions
justsystems hanako police 7: all versions
justsystems hanako pro 3: all versions
justsystems hanako pro 4: all versions
+50 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.