□ Overview
o Tobesoft released security update to address arbitrary command execution vulnerability in XPLATFORM.
| Vulnerability Type |
Impact |
Severity |
CVSS |
CVE ID |
| Improper input validation |
Code execution |
High |
8.8 |
CVE-2020-7866 |
□ Description
o When using XPLATFORM ActiveX component, arbitrary commands can be executed due to improper input validation.(CVE-2020-7866)
□ Affected Products
| Product |
Version |
| XPLATFORM |
XPLATFORM 9.2.2.270 or earlier versions |
□ Solution
o Update software over 9.2.2.270 version .
□ Acknowledgements
o Thanks to Jeongun Baek for reporting this vulnerability.
□ Reference site
[1] http://support.tobesoft.co.kr/Support/index.html
□ 작성 : 침해사고분석단 취약점분석팀 |
