
Security Advisory

CVE-2020-7882 | anySign directory traversal vulnerability
2021.11.15
□ Overview
 o hancomwith Co., Ltd. released a security update to address a directory traversal vulnerability in anySign4PC (the solution for authorization certificates).
Vulnerability

| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Path traversal: '../filedir' | information leakage and data deletion | High | 7.5 | CVE-2020-7882 |

□ Description
 o Using the parameter of the getPFXFolderList function, attackers can view authorization certificate information and delete files.
 o It occurs because the parameter can contain path traversal characters (i.e. '../../../').
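
The flaw class described above, shown as an added example (not code from anySign4PC or hancomwith): a folder parameter joined to a base directory without a containment check, next to a checked version. The function names and the BASE_DIR path are hypothetical and constructed for the illustration.

```python
import ntpath  # Windows path rules; purely lexical, so this runs on any OS

# Constructed base folder for the example; not a path used by the product.
BASE_DIR = r"C:\ExampleApp\certs"


def resolve_unsafe(folder_param: str) -> str:
    """Flawed pattern: join the caller's value to the base and use the result."""
    return ntpath.normpath(ntpath.join(BASE_DIR, folder_param))


def resolve_checked(folder_param: str) -> str:
    """Return the resolved folder, or raise ValueError if it leaves BASE_DIR."""
    if "\x00" in folder_param:
        raise ValueError("NUL byte in path parameter")
    base = ntpath.normpath(BASE_DIR)
    # join() drops BASE_DIR entirely when the parameter is rooted, names a
    # drive or is a UNC path, so the check is made on the result, not the input.
    candidate = ntpath.normpath(ntpath.join(base, folder_param))
    try:
        # Component-wise comparison: "certs2" is not inside "certs".
        common = ntpath.commonpath([base, candidate])
    except ValueError:  # different drive or UNC share
        raise ValueError("path is outside the base folder") from None
    if ntpath.normcase(common) != ntpath.normcase(base):
        raise ValueError("path is outside the base folder")
    return candidate


def is_allowed(folder_param: str) -> bool:
    """True when the parameter resolves to a folder inside BASE_DIR."""
    try:
        resolve_checked(folder_param)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for value in ["user1", "user1/../user2", "../../../", r"..\certs2",
                  r"D:\other", r"\Windows"]:
        print(f"{value!r:20} unsafe={resolve_unsafe(value)!r:30} "
              f"allowed={is_allowed(value)}")
```

The check is lexical only; a deployed version should also resolve junctions and symbolic links to the real path before comparing.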

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| anySign4PC | 1.1.1.0, 1.1.2.6, 1.1.2.7 | Windows |

□ Solution
 o Update anySign4PC to version 1.1.4.0 or higher.

□ Reference
 [1] https://www.hancomwith.com/data/portal.php

□ Etc
 o Thanks to Soonchan Hwang for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division