{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-47045","assignerOrgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","state":"PUBLISHED","assignerShortName":"jpcert","dateReserved":"2024-09-17T05:33:19.502Z","datePublished":"2024-09-26T03:33:48.931Z","dateUpdated":"2024-09-26T14:45:34.542Z"},"containers":{"cna":{"affected":[{"vendor":"National Tax Agency","product":"The installer of e-Tax software(common program)","versions":[{"version":"All versions distributed on the NTA website before 2024 September 24","status":"affected"}]}],"descriptions":[{"lang":"en","value":"Privilege chaining issue exists in the installer of e-Tax software(common program). If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege."}],"problemTypes":[{"descriptions":[{"description":"Privilege chaining","lang":"en-US","cweId":"CWE-268","type":"CWE"}]}],"references":[{"url":"https://www.e-tax.nta.go.jp/topics/2024/topics_20240924_versionup.htm"},{"url":"https://jvn.jp/en/jp/JVN57749899/"}],"providerMetadata":{"orgId":"ede6fdc4-6654-4307-a26d-3331c018e2ce","shortName":"jpcert","dateUpdated":"2024-09-26T06:22:26.091Z"}},"adp":[{"affected":[{"vendor":"e-tax.nta","product":"e-tax","cpes":["cpe:2.3:a:e-tax.nta:e-tax:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"3.0.18","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-09-26T14:42:00.395236Z","id":"CVE-2024-47045","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-26T14:45:34.542Z"}}]}}