exploitDog

CVE-2020-7831

Опубликовано: 24 авг. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

Ссылки

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559
Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:inogard:ebiz4u:cviewer_object_1.0.5.1:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.0037

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-494

CWE-494

Связанные уязвимости

GHSA-57pw-qp4x-896h

github

больше 3 лет назад

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

EPSS

Процентиль: 58%

0.0037

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-494

CWE-494