admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-78xx/CVE-2020-7867.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

134 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-7867",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2021-10-27T01:15:07.190",
"lastModified": "2021-10-29T01:20:24.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en Helpu solution podr\u00eda permitir a un atacante local la creaci\u00f3n y ejecuci\u00f3n arbitraria de archivos sin hacer clic en el men\u00fa de transferencia de archivos. Es posible la creaci\u00f3n de archivos en un directorio arbitrario para el usuario porque el programa de visualizaci\u00f3n recibe el archivo desde el agente con privilegio de administrador"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "vuln@krcert.or.kr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:helpu:helpuviewer:2018.5.21.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "6DA81C9C-27A9-4BA9-AECD-8BFDCA46C13D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36303",
"source": "vuln@krcert.or.kr",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink