An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code.
References
Link | Resource |
---|---|
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Dec 2021, 19:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-20 | |
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:tobesoft:nexacro:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380 - Third Party Advisory |
30 Nov 2021, 19:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-30 19:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-26612
Mitre link : CVE-2021-26612
CVE.ORG link : CVE-2021-26612
JSON object : View
Products Affected
microsoft
- windows
tobesoft
- nexacro
CWE
CWE-20
Improper Input Validation