critical
9.8
CWE
428
Advisory Published
Updated

CVE-2022-36344

First published: Tue Aug 16 2022(Updated: )

An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Justsystems Atok Medical 2
Justsystems Atok Medical 3
Justsystems Atok Pro 3
Justsystems Atok Pro 4
Justsystems Atok Pro 5
Justsystems Hanako Police 5
Justsystems Hanako Police 6
Justsystems Hanako Police 7
Justsystems Hanako Pro 3
Justsystems Hanako Pro 4
Justsystems Hanako Pro 5
Justsystems Homepage Builder 20
Justsystems Homepage Builder 21
Justsystems Homepage Builder 22
Justsystems Ichitaro Government 10
Justsystems Ichitaro Government 8
Justsystems Ichitaro Government 9
Justsystems Ichitaro Pro 3
Justsystems Ichitaro Pro 4
Justsystems Ichitaro Pro 5
Justsystems Just Calc 3
Justsystems Just Calc 4
Justsystems Just Calc 5
Justsystems Just Focus 3
Justsystems Just Focus 4
Justsystems Just Frontier 3
Justsystems Just Government 2
Justsystems Just Government 3
Justsystems Just Government 4
Justsystems Just Government 5
Justsystems Just Jump 8
Justsystems Just Jump Class
Justsystems Just Jump Class 2
Justsystems Just Medical 2
Justsystems Just Medical 3
Justsystems Just Medical 4
Justsystems Just Medical 5
Justsystems Just Note 3
Justsystems Just Note 4
Justsystems Just Note 5
Justsystems Just Office 2
Justsystems Just Office 3
Justsystems Just Office 4
Justsystems Just Office 5
Justsystems Just Pdf 3
Justsystems Just Pdf 4
Justsystems Just Pdf 5
Justsystems Just Pdf 5
Justsystems Just Police 2
Justsystems Just Police 3
Justsystems Just Police 4
Justsystems Just Police 5
Justsystems Just School 6
Justsystems Just School 7
Justsystems Just Smile 6
Justsystems Just Smile 7
Justsystems Just Smile 8
Justsystems Just Smile Class 2
Justsystems Shuriken Pro 6
Justsystems Shuriken Pro 7
Justsystems Tri-de Dataprotect

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-36344?

    The severity of CVE-2022-36344 is classified as high due to the potential for unauthorized code execution.

  • How do I fix CVE-2022-36344?

    To fix CVE-2022-36344, apply the latest security patches provided by JustSystems for the affected products.

  • What products are affected by CVE-2022-36344?

    CVE-2022-36344 affects several JustSystems products, including Ichitaro, Atok, Hanako, and various Homepage Builder versions.

  • What is the nature of the vulnerability in CVE-2022-36344?

    CVE-2022-36344 is an unquoted search path vulnerability, which can lead to execution of arbitrary files.

  • When was CVE-2022-36344 discovered?

    CVE-2022-36344 was publicly disclosed in 2022, highlighting the need for immediate action by users of the affected software.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203