exploitDog

CVE-2019-17323

Опубликовано: 30 окт. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

Ссылки

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:clipsoft:rexpert:*:*:*:*:*:*:*:*

Версия до 1.0.0.527 (включая)

EPSS

Процентиль: 61%

0.00418

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-91

CWE-91

Связанные уязвимости

GHSA-q8c5-p3cq-8mh2

CVSS3: 8.8

github

больше 3 лет назад

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.

EPSS

Процентиль: 61%

0.00418

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-91

CWE-91