본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7866 | Tobesoft XPLATFORM Arbitrary Command Execution Vulnerability2021.06.14
□ Overview
 o Tobesoft released security update to address arbitrary command execution vulnerability in XPLATFORM.
Vulnerability Type Impact Severity CVSS CVE ID
Improper input validation Code execution High 8.8 CVE-2020-7866
 
□ Description
 o When using XPLATFORM ActiveX component, arbitrary commands can be executed due to improper input validation.(CVE-2020-7866)

□ Affected Products
Product Version
XPLATFORM XPLATFORM 9.2.2.270 or earlier versions
 
□ Solution
 o Update software over 9.2.2.270 version .

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulnerability.
 
□ Reference site
 [1] http://support.tobesoft.co.kr/Support/index.html
 


□ 작성 : 침해사고분석단 취약점분석팀