Lucene search

KrcertCVELIST:CVE-2020-7831

HistoryAug 20, 2020 - 12:00 a.m.

CVE-2020-7831

2020-08-2000:00:00

CWE-494

krcert

www.cve.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Ebiz4u CViewer Object AxECM.dll",
    "vendor": "INOGARD",
    "versions": [
      {
        "lessThanOrEqual": "1.0.5.1",
        "status": "affected",
        "version": "CViewer Object",
        "versionType": "custom"
      }
    ]
  }
]

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

Related for CVELIST:CVE-2020-7831