Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
结论预警: CVE-2017-2154 综合评估为中等风险(54.2/100):CVSS 技术影响为高级,利用概率(EPSS 1.17%) 强制指令: 梳理受影响资产并纳入修补计划。
风险随态势动态变化;本站持续评估并同步更新本页展示内容。
EPSS 日更估计相对被利用可能性;百分位表示该 CVE 在已评分漏洞中的相对排名(越高表示相对更严重)。
| # | 日期 | 旧 EPSS 分数 | 新 EPSS 分数 | 变化(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.30% | 1.17% | +0.87% |
| 2 | 2025-03-30 | 0.40% | 0.30% | -0.10% |
| 3 | 2025-03-29 | — | 0.40% | — |
完整 EPSS 历史 (共 8 条)
该 CVE 的 CVSS 指标。
| 底座分 | 版本 | 严重度 | 向量 | 可利用性 | 影响 | 分数来源 |
|---|---|---|---|---|---|---|
| 7.8 | 3.0 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 6.8 | 2.0 | MEDIUM |
|
8.6 | 6.4 | [email protected] |
| 厂商 | 产品 | 版本 | 原始 CPE |
|---|---|---|---|
| justsystems | hanako | 2015 | cpe:2.3:a:justsystems:hanako:2015:*:*:*:*:*:*:* |
| justsystems | hanako | 2016 | cpe:2.3:a:justsystems:hanako:2016:*:*:*:*:*:*:* |
| justsystems | hanako | 2017 | cpe:2.3:a:justsystems:hanako:2017:*:*:*:*:*:*:* |
| justsystems | hanako | 2017 | cpe:2.3:a:justsystems:hanako:2017:*:*:*:trial_version:*:*:* |
| justsystems | hanako_police | 5 | cpe:2.3:a:justsystems:hanako_police:5:*:*:*:*:*:*:* |
| justsystems | hanako_pro | 3 | cpe:2.3:a:justsystems:hanako_pro:3:*:*:*:*:*:*:* |
| justsystems | just_frontier | 3 | cpe:2.3:a:justsystems:just_frontier:3:*:*:*:*:*:*:* |
| justsystems | just_government | 3 | cpe:2.3:a:justsystems:just_government:3:*:*:*:*:*:*:* |
| justsystems | just_jump_class | 2 | cpe:2.3:a:justsystems:just_jump_class:2:*:*:*:*:*:*:* |
| justsystems | just_office | 3 | cpe:2.3:a:justsystems:just_office:3:*:*:*:eco_print_pack:*:*:* |
| justsystems | just_office | 3 | cpe:2.3:a:justsystems:just_office:3:*:*:*:standard:*:*:* |
| justsystems | just_office | 3 | cpe:2.3:a:justsystems:just_office:3:*:*:*:tri-de_dataprotect_pack:*:*:* |
| justsystems | just_police | 3 | cpe:2.3:a:justsystems:just_police:3:*:*:*:*:*:*:* |
| justsystems | just_school | 6 | cpe:2.3:a:justsystems:just_school:6:*:*:*:*:*:*:* |
| justsystems | just_school | 6 | cpe:2.3:a:justsystems:just_school:6:*:*:*:premium:*:*:* |
| URL | 标签 |
|---|---|
| https://jvn.jp/en/jp/JVN54268888/index.html | Third Party Advisory VDB Entry |
| https://www.justsystems.com/jp/info/js17002.html | Vendor Advisory |