CVE-2020-7831

EPSS 0.37%
Veröffentlicht 24.08.2020 15:15:14
Zuletzt bearbeitet 21.11.2024 05:37:53
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inogard ≫ Ebiz4u Versioncviewer_object_1.0.5.1

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.558

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
vuln@krcert.or.kr	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35559

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7831

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7831

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7831

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7831