CVE-2020-7815

Опубликовано: 10 июл. 2020

Источник: nvd

CVSS3: 7.8

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in COMPONENT of TOBESOFT XPLATFORM allows ATTACKER/ATTACK to cause IMPACT. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows.

Ссылки

http://support.tobesoft.co.kr/Support/index.html
Vendor Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35496
Third Party Advisory
http://support.tobesoft.co.kr/Support/index.html
Vendor Advisory
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35496
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:tobesoft:xplatform:*:*:*:*:*:*:*:*

Версия до 9.2.2.260 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00418

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jqqm-9jx4-qr2h

github

больше 3 лет назад

XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows.

EPSS

Процентиль: 61%

0.00418

Низкий

7.8 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo