CVE-2020-7831 Vulnerability Details

CVE-2020-7831 Metadata Quick Info

CVE Published: 24/08/2020 | CVE Updated: 17/09/2024 | CVE Year: 2020
Source: krcert | Vendor: INOGARD | Product: Ebiz4u CViewer Object AxECM.dll
Status: PUBLISHED

CVE-2020-7831 Description

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow a victim user to download any file. The attacker is able to use the startup menu directory via directory traversal for automatic execution. The victim user needs to reboot, however.

Metrics

CVSS Version: 3.1 | Base Score: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-494
CWE Name: CWE-494 Download of Code Without Integrity Check
Source: INOGARD

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).