CVE-2020-7810

Опубликовано: 07 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.

Ссылки

http://www.handysoft.co.kr/en/
Product
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551
Third Party Advisory
http://www.handysoft.co.kr/en/
Product
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35551
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:handysoft:hslogin2.dll:*:*:*:*:*:*:*:*

Версия до 6.7.8.4 (включая)

cpe:2.3:a:handysoft:hslogin2.dll:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.3.4 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00197

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-353

CWE-354

Связанные уязвимости

GHSA-h2gw-wr24-mgw2

github

больше 3 лет назад