CVE-2020-7857

EPSS 0.52%
Veröffentlicht 20.04.2021 20:15:08
Zuletzt bearbeitet 21.11.2024 05:37:55
Quelle vuln@krcert.or.kr
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tobesoft ≫ Xplatform Version < 9.2.2.280

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.661

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
vuln@krcert.or.kr	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36006

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-7857

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-7857

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-7857

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-7857