본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19160 | Arbitrary Code Execution Vulnerability of Cabsoft 2020.06.29
□ Overview
o A Command Injection Vulneravility of HandySoft Groupware ActiveX exists.
Vulnerability type Impact Severity CVSS Score CVE ID
Missing Support for Integrity Check Code Execution MEDIUM 5.7 CVE-2019-19160
 
□ Description
 o Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).
 
□ Affected Products
Product Version Platform
Reportexpress ProPlus under 3.0.0.62 windows 7/8/10
 
□ Solution
 o Update software over 3.0.0.63 version or over then it.
 
□ Acknowledgement
 o Thanks to Eunsol Lee for this vulnerability report.
 



□ 작성 : 침해사고분석단 취약점분석팀