{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28267", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-02-26T00:21:16.561Z", "datePublished": "2026-03-09T22:28:24.535Z", "dateUpdated": "2026-03-10T14:16:29.163Z"}, "containers": {"cna": {"affected": [{"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)", "versions": [{"version": "prior to Ver.10.02.00", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0", "versions": [{"version": "prior to Ver.6.00.57", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7", "versions": [{"version": "prior to Ver.6.10.57", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)", "versions": [{"version": "prior to Ver.6.00.57", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)", "versions": [{"version": "prior to Ver.6.00.57", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc", "versions": [{"version": "prior to Ver.2.00.30", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows", "versions": [{"version": "prior to Ver.4.93R13", "status": "affected"}]}, {"vendor": "Digital Arts Inc.", "product": "DigitalArts@Cloud Agent (for Windows)", "versions": [{"version": "prior to Ver.1.70R01", "status": "affected"}]}, {"vendor": "OPTiM Corporation", "product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)", "versions": [{"version": "prior to 4.93R13", "status": "affected"}]}, {"vendor": "Inventit Inc.", "product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows", "versions": [{"version": "prior to Ver.4.93R13", "status": "affected"}]}, {"vendor": "Fujitsu Limited", "product": "i-FILTER Browser & Cloud MultiAgent for Windows", "versions": [{"version": "prior to Ver.4.93R13", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."}], "problemTypes": [{"descriptions": [{"description": "Incorrect default permissions", "lang": "en-US", "cweId": "CWE-276", "type": "CWE"}]}], "references": [{"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_01.pdf"}, {"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_02.pdf"}, {"url": "https://biz3.optim.co.jp/"}, {"url": "https://www.mobi-connect.net/file/ifilter/"}, {"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"}, {"url": "https://jvn.jp/en/jp/JVN17307628/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-09T22:28:24.535Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T14:16:23.241801Z", "id": "CVE-2026-28267", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:16:29.163Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28267", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T14:16:23.241801Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T14:16:25.685Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)", "versions": [{"status": "affected", "version": "prior to Ver.10.02.00"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0", "versions": [{"status": "affected", "version": "prior to Ver.6.00.57"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7", "versions": [{"status": "affected", "version": "prior to Ver.6.10.57"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)", "versions": [{"status": "affected", "version": "prior to Ver.6.00.57"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)", "versions": [{"status": "affected", "version": "prior to Ver.6.00.57"}]}, {"vendor": "Digital Arts Inc.", "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc", "versions": [{"status": "affected", "version": "prior to Ver.2.00.30"}]}, {"vendor": "Digital Arts Inc.", "product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows", "versions": [{"status": "affected", "version": "prior to Ver.4.93R13"}]}, {"vendor": "Digital Arts Inc.", "product": "DigitalArts@Cloud Agent (for Windows)", "versions": [{"status": "affected", "version": "prior to Ver.1.70R01"}]}, {"vendor": "OPTiM Corporation", "product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)", "versions": [{"status": "affected", "version": "prior to 4.93R13"}]}, {"vendor": "Inventit Inc.", "product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows", "versions": [{"status": "affected", "version": "prior to Ver.4.93R13"}]}, {"vendor": "Fujitsu Limited", "product": "i-FILTER Browser & Cloud MultiAgent for Windows", "versions": [{"status": "affected", "version": "prior to Ver.4.93R13"}]}], "references": [{"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_01.pdf"}, {"url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_02.pdf"}, {"url": "https://biz3.optim.co.jp/"}, {"url": "https://www.mobi-connect.net/file/ifilter/"}, {"url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"}, {"url": "https://jvn.jp/en/jp/JVN17307628/"}], "descriptions": [{"lang": "en", "value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-276", "description": "Incorrect default permissions"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-09T22:28:24.535Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28267", "state": "PUBLISHED", "dateUpdated": "2026-03-10T14:16:29.163Z", "dateReserved": "2026-02-26T00:21:16.561Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2026-03-09T22:28:24.535Z", "assignerShortName": "jpcert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user."}], "id": "CVE-2026-28267", "lastModified": "2026-03-11T13:53:47.157", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-10T17:38:38.227", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://biz3.optim.co.jp/"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN17307628/"}, {"source": "vultures@jpcert.or.jp", "url": "https://sd.fjsd001.dfcenter.jp.fujitsu.com/portal/ja/kb/articles/windows%E3%81%AE%E3%83%AA%E3%83%AA%E3%83%BC%E3%82%B9%E3%83%8E%E3%83%BC%E3%83%88"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_01.pdf"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.daj.jp/shared/php/downloadset/c/parts.php?page=dl&filename=information_20260309_02.pdf"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.mobi-connect.net/file/ifilter/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.70R01)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "DigitalArts@Cloud Agent (for Windows)", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "digitalarts@cloud_agent_(for_windows)", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.93R13)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-filter_\u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9_multiagent_for_windows", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.02.00)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 10 (Windows version only)", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_10_(windows_version_only)", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.00.57)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_6.0", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.00.57)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ (Windows version only)", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_zaq_(windows_version_only)", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.10.57)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30cd\u30c3\u30c8\u30ab\u30d5\u30a7", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.00.30)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.00.57)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9 (Windows version only)", "source": "cna", "vendor": "Digital Arts Inc."}, "product": "i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9_(windows_version_only)", "vendor": "digital_arts"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.93R13)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "i-FILTER Browser & Cloud MultiAgent for Windows", "source": "cna", "vendor": "Fujitsu Limited"}, "product": "i-filter_browser_&_cloud_multiagent_for_windows", "vendor": "fujitsu"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.93R13)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "MobiConnect i-FILTER Browser Option MultiAgent for Windows", "source": "cna", "vendor": "Inventit Inc."}, "product": "mobiconnect_i-filter_browser_option_multiagent_for_windows", "vendor": "inventit"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.93R13)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Optimal Biz Web Filtering Powered by i-FILTER (Windows version)", "source": "cna", "vendor": "OPTiM Corporation"}, "product": "optimal_biz_web_filtering_powered_by_i-filter_(windows_version)", "vendor": "optim_corporation"}], "analysis": {"en": {"generated_at": "2026-04-16T10:03:00.100012+00:00", "value": {"mitigation_remediation": ["Download and install the vendor\u2011supplied security patch or the latest release for all affected Digital Arts i\u2011\u30d5\u30a3\u30eb\u30bf\u30fc products.", "Re\u2011apply correct file permissions on the system and backup directories to deny write access to non\u2011administrative users, ensuring only privileged accounts can create or modify files there.", "Regularly audit the system and backup directories for unexpected file creations or modifications and review event logs for write attempts by non\u2011privileged accounts."], "summary": {"action": "Apply Patch", "impact": "Local privilege escalation via non\u2011administrative write to system directories"}, "threat_synthesis": {"affected_systems": "The vulnerability affects multiple products from Digital Arts Inc., including Digital Arts@Cloud Agent for Windows, i-FILTER \u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9 MultiAgent for Windows, i-\u30d5\u30a3\u30eb\u30bf\u30fc 10, i-\u30d5\u30a3\u30eb\u30bf\u30fc 6.0, i-\u30d5\u30a3\u30eb\u30bf\u30fc for ZAQ, i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30cd\u30c3\u30c8\u30ab\u30d5\u30a7, i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc, and i-\u30d5\u30a3\u30eb\u30bf\u30fc for \u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9, as well as Fujitsu Limited\u2019s i-FILTER Browser & Cloud MultiAgent for Windows, Inventit Inc.\u2019s MobiConnect i-FILTER Browser Option MultiAgent for Windows, and OPTiM Corporation\u2019s Optimal Biz Web Filtering Powered by i-FILTER. The CVE does not list specific version ranges, so any released version of these products is potentially affected.", "description_and_impact": "Digital Arts i-\u30d5\u30a3\u30eb\u30bf\u30fc products have been configured with incorrect default permissions on sensitive files within system and backup directories. As a consequence, a regular user lacking administrative privileges can create or overwrite files in these directories, which may allow the deployment of malicious code or the modification of critical files. The flaw could lead to local privilege escalation or persistence on the affected machines.", "risk_and_exploitability": "The CVSS score of 6.8 indicates moderate severity, while the EPSS score of less than 1% shows that exploitation is considered unlikely under current threat data. The flaw is not listed in the CISA KEV catalog, which means there are no publicly confirmed leveraged exploits. An attacker would need local access to a machine running one of the affected products and would exploit the improper file permissions to write malicious binaries or scripts to a system or backup directory, a step that does not require administrative credentials. Once placed, such files could be executed to gain elevated privileges or establish persistence. The overall risk is moderate, but the impact remains significant for environments where these directories contain exploitable binaries or configuration files."}}}}, "created": "2026-03-10T14:06:33.267416+00:00", "title": "Improper File Access Permissions Allow Non\u2011Administrative Write to System Directories", "updated": "2026-04-16T10:15:26.103159+00:00", "vendors": ["digital_arts", "digital_arts$PRODUCT$digitalarts@cloud_agent_(for_windows)", "digital_arts$PRODUCT$i-filter_\u30d6\u30e9\u30a6\u30b6\u30fc\uff06\u30af\u30e9\u30a6\u30c9_multiagent_for_windows", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_10_(windows_version_only)", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_6.0", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_zaq_(windows_version_only)", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30cd\u30c3\u30c8\u30ab\u30d5\u30a7", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc", "digital_arts$PRODUCT$i-\u30d5\u30a3\u30eb\u30bf\u30fc_for_\u30de\u30eb\u30c1\u30c7\u30d0\u30a4\u30b9_(windows_version_only)", "fujitsu", "fujitsu$PRODUCT$i-filter_browser_&_cloud_multiagent_for_windows", "inventit", "inventit$PRODUCT$mobiconnect_i-filter_browser_option_multiagent_for_windows", "optim_corporation", "optim_corporation$PRODUCT$optimal_biz_web_filtering_powered_by_i-filter_(windows_version)"]}