□ Overview
o Webcash Co.,Ltd released security update to address remote code execution vulnerability.
□ Description
o A specific file on the sERP server if Kyungrinara has a fixed password with the SYSTEM authority.
o This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.
□ Affected Product
□ Solution
o Update software sERP Server 2.0 minimum of 20.2.170 version or higher.
□ Reference
[1] https://serp2.webcash.co.kr/
□ Acknowledgements
o Thanks to Jinseong Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o Webcash Co.,Ltd released security update to address remote code execution vulnerability.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Use of Hard-coded Credentials |
remote code execution | High | 8.1 | CVE-2022-41157 |
□ Description
o A specific file on the sERP server if Kyungrinara has a fixed password with the SYSTEM authority.
o This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| sERP Server 2.0 | prior of v20.2.161 | Windows |
□ Solution
o Update software sERP Server 2.0 minimum of 20.2.170 version or higher.
□ Reference
[1] https://serp2.webcash.co.kr/
□ Acknowledgements
o Thanks to Jinseong Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀