본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-17321 ~ CVE-2019-17326 | ClipSoft REXPERT Multiple Vulnerabilities2019.10.29
□ Overview
 o ClipSoft release security update to address a multiple vulnerability in REXPERT.
Vulnerability Type Impact Severity CVE ID
Information disclosure Information disclosure MEDIUM CVE-2019-17321
Improper access controls Arbitrary file creation High CVE-2019-17322
XML Injection Code Execution High CVE-2019-17323
Path Traversal HTML file creation MEDIUM CVE-2019-17324
File upload Information disclosure MEDIUM CVE-2019-17325
Improper access controls Arbitrary file deletion MEDIUM CVE-2019-17326


□ Description
o When requesting web page associated with session, could leak username via session file path of HTTP response data.
   No authentication is required. (CVE-2019-17321)
 o Arbitrary file creation via a POST request with the parameter set to the file path to be written.
   This can be a executable file that is written to in the arbitrary directory. (CVE-2019-17322)
 o Arbitrary file creation and execution via report print function of rexpert viewer with modified XML document.(CVE-2019-17323)
 o Directory traversal by issuing a specially HTTP POST request with ../ characters. That leads remote attacker to create malicious html file because they can inject a contents with crafted template. (CVE-2019-17324)
 o Local file upload via the ActiveX method in RexViewerCtrl30.ocx. That could lead to disclosure of sensitive information. (CVE-2019-17325)
 o File delection by issuing a HTTP GET request with a specially crafted parameter. (CVE-2019-17326)

□ Affected Product

Product Version
REXPERT 1.0.0.527 or lower


□ Solution
 o Update software over DaviewIndy 1.0.0.528 version or higher.
 

□ Acknowledgements
 o Juhun Oh (CVE-2019-17321, CVE-2019-17322, CVE-2019-17323, CVE-2019-17324)
 o Eunsol Lee (CVE-2019-17325)

 o Hyeokju Kwon (CVE-2019-17326)