CVE-2020-7830

EPSS 0.2%
Veröffentlicht 02.09.2020 20:15:11
Zuletzt bearbeitet 21.11.2024 05:37:53
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Raonwiz ≫ Raon Kupload Version <= 2018.0.2.50

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.393

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
vuln@krcert.or.kr	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35582

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7830

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7830

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7830

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7830