□ Overview
o Infraware release security updates to address a file download and execution vulnerability in ML Report.
| Vulnerability type |
Impact |
Severity |
CVE ID |
| File download & execution |
code execution |
Critical |
CVE-2018-5204 |
□ Description
o ML Report contains a vulnerability that could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.
□ Affected Products
| Product |
Version |
| ML Report Enterprise |
2.00.000.0000 ~ 2.18.628.5980 |
□ Solution
o Update software over ML Report 2.18.722.6228 version
□ Reference site
o http://mlreport.infraware.co.kr/mlreport_site/release/files/MLReportEnterpriseAuto_v2.18.722.6228.zip |