본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7865 | Inoguard ExECM CoreB2B solution remote code execution vulnerability2021.09.07
□ Overview
 o Inoguard Co.,Ltd released security update to address improper input validation vulnerability in ExECM CoreB2B solution. (electrical contract toolkit)
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper input validation remote code execution High 8.8 CVE-2020-7865

□ Description
 o A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via
httpDownload function. (CVE-2020-7865)
 o A successful exploit could allow the attacker to hijack vulnerable system.

□ Affected Product
Product Version Platform
ExECM CoreB2B 1.1.0.4 and prior Windows

□ Solution
 o Update software over 1.1.0.5 version or higher.

□ Reference
 [1] http://www.inoguard.co.kr/solution2.html

□ Etc
 o Thanks to Jaehwi Lee for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀