□ Overview
o INOGARD released security update to address arbitrary remote file download vulnerability in Ebiz4u.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Remote File Download |
Remote File Execution |
High |
8.8 |
CVE-2020-7831 |
□ Description
o A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is
able to use startup menu directory via directory traversal for automatic execution. The victiom user need to reboot, however.
□ Affected Product
| Product |
Version |
Platform |
| INOGARD Ebiz4u(AxECM.dll) |
CViewer Object 1.0.5.1 |
Windows |
□ Solution
o Update programs over CViewer Object 1.0.5.2 version or higher.
□ Reference
[1] http://ebiz4u.co.kr/home.do
□ Acknowledgements
o Thanks to Dong Hyeon Yoo for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
