본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2018-5204 | Infraware ML Report file download and execution vulnerability2018.12.27
□ Overview
o Infraware release security updates to address a file download and execution vulnerability in ML Report.
Vulnerability type Impact Severity CVE ID
File download & execution code execution Critical CVE-2018-5204

□ Description
o ML Report contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

□ Affected Products
Product Version
ML Report Enterprise 2.00.000.0000 ~ 2.18.628.5980

□ Solution
o Update software over ML Report 2.18.722.6228 version

□ Reference site
o http://mlreport.infraware.co.kr/mlreport_site/release/files/MLReportEnterpriseAuto_v2.18.722.6228.zip