
Security Advisory

Security Advisory Detail
CVE-2020-7831 | INOGARD Ebiz4u web-based contract management service remote file download vulnerability
2020.08.20
□ Overview
 o INOGARD released a security update to address an arbitrary remote file download vulnerability in Ebiz4u.

| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Remote File Download | Remote File Execution | High | 8.8 | CVE-2020-7831 |

□ Description
 o A vulnerability in Ebiz4u, the web-based contract management service interface of INOGARD, could allow a victim user to download any file. The attacker is able to use the startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however.
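
The description above implies that the saved file's location can be steered by a name containing traversal sequences. The following Python example is added here and is not INOGARD's code or the vendor's fix: it shows one way a download component can confine a server-supplied file name to its download directory, using the standard `ntpath` module so Windows path rules apply on any OS. `DOWNLOAD_DIR`, `resolve_download_path`, `classify` and the sample names are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

# Hypothetical download directory; the advisory does not name one.
DOWNLOAD_DIR = r"C:\Users\alice\Downloads\Ebiz4u"

def resolve_download_path(server_name, base_dir=DOWNLOAD_DIR):
    """Return the save path inside base_dir, or raise ValueError."""
    if not server_name or "\x00" in server_name:
        raise ValueError("empty name or NUL byte")
    name = server_name.replace("/", "\\")  # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        raise ValueError("absolute, drive-relative or UNC path")
    if ":" in rest:
        raise ValueError("colon in name (alternate data stream)")
    parts = rest.split("\\")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("empty or relative path component")
    if any(p != p.rstrip(" .") for p in parts):
        raise ValueError("trailing dot or space (stripped by Win32)")
    # Second, independent check: normalise and confirm containment.
    base = ntpath.normcase(ntpath.normpath(base_dir))
    target = ntpath.normpath(ntpath.join(base_dir, *parts))
    if ntpath.commonpath([base, ntpath.normcase(target)]) != base:
        raise ValueError("path escapes the download directory")
    return target

def classify(names, base_dir=DOWNLOAD_DIR):
    """Return {name: saved path, or 'REJECTED: reason'} for each name."""
    out = {}
    for n in names:
        try:
            out[n] = resolve_download_path(n, base_dir)
        except ValueError as exc:
            out[n] = f"REJECTED: {exc}"
    return out

# Constructed sample inputs, not taken from the advisory.
SAMPLES = [
    "contract_2020.pdf",
    "signed/contract_2020.pdf",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\viewer.exe",
    r"C:\Windows\Temp\viewer.exe",
    r"\\fileserver\share\viewer.exe",
]

if __name__ == "__main__":
    for name, result in classify(SAMPLES).items():
        print(name, "->", result)
```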

□ Affected Product
| Product | Version | Platform |
|---|---|---|
| INOGARD Ebiz4u(AxECM.dll) | CViewer Object 1.0.5.1 | Windows |

□ Solution
 o Update the program to CViewer Object version 1.0.5.2 or higher.

□ Reference
[1] http://ebiz4u.co.kr/home.do

□ Acknowledgements
 o Thanks to Dong Hyeon Yoo for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team
Keywords: file download