Lucene search

KrcertCVELIST:CVE-2020-7815

HistoryJul 03, 2020 - 12:00 a.m.

CVE-2020-7815

2020-07-0300:00:00

krcert

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to cause IMPACT. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "XPLATFORM",
    "vendor": "TOBESOFT",
    "versions": [
      {
        "lessThan": "9.2.260",
        "status": "affected",
        "version": "9.2.250",
        "versionType": "custom"
      }
    ]
  }
]

References

support.tobesoft.co.kr/Support/index.html

www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35496

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVELIST:CVE-2020-7815