How severe is CVE-2022-36344?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-36344?

This is classified as CWE-428, which is a common weakness in software security.

CVE-2022-36344

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-428

View all →

Vulnerability Description

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

CVE-2019-17658

CRITICAL

CVSS:9.8(Critical)

An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allow an attacker to gain elevated privileges via the FortiClientConsole executable...

CWE-4282019

CVE-2019-8459

CRITICAL

CVSS:9.8(Critical)

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable...

CWE-4282019

CVE-2020-14521

CRITICAL

CVSS:9.8(Critical)

Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, mo...

CWE-4282020

CVE-2020-9292

CRITICAL

CVSS:9.8(Critical)

An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.

CWE-4282020

CVE-2023-38408

CRITICAL

CVSS:9.8(Critical)

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Cod...

CWE-4282023

CVE-2024-24722

CRITICAL

CVSS:9.1(Critical)

An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy ...

CWE-4282024

CVE-2022-36344

Vulnerability Description

Related Vulnerabilities

CVE-2019-17658

CVE-2019-8459

CVE-2020-14521

CVE-2020-9292

CVE-2023-38408

CVE-2024-24722