All the vulnerabilites related to Handysoft Co.,Ltd - HANDY Groupware
cve-2021-26630
Vulnerability from cvelistv5
Published
2022-05-19 14:52
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Handysoft Co.,Ltd | HANDY Groupware |
Version: unspecified < |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "HANDY Groupware",
"vendor": "Handysoft Co.,Ltd",
"versions": [
{
"lessThanOrEqual": "1.7.4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HANDY Groupware",
"vendor": "Handysoft Co.,Ltd",
"versions": [
{
"lessThanOrEqual": "2.0.3.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HANDY Groupware",
"vendor": "Handysoft Co.,Ltd",
"versions": [
{
"lessThanOrEqual": "4.0.1.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in HANDY Groupware\u2019s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T14:52:27",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HANDY Groupware file download and execute vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2021-26630",
"STATE": "PUBLIC",
"TITLE": "HANDY Groupware file download and execute vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HANDY Groupware",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "1.7.4.6"
}
]
}
}
]
},
"vendor_name": "Handysoft Co.,Ltd"
},
{
"product": {
"product_data": [
{
"product_name": "HANDY Groupware",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "2.0.3.6"
}
]
}
}
]
},
"vendor_name": "Handysoft Co.,Ltd"
},
{
"product": {
"product_data": [
{
"product_name": "HANDY Groupware",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "4.0.1.7"
}
]
}
}
]
},
"vendor_name": "Handysoft Co.,Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation vulnerability in HANDY Groupware\u2019s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723",
"refsource": "MISC",
"url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2021-26630",
"datePublished": "2022-05-19T14:52:27",
"dateReserved": "2021-02-03T00:00:00",
"dateUpdated": "2024-08-03T20:26:25.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}