{ "CVE_data_meta": { "ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2021-26612", "STATE": "PUBLIC", "TITLE": "tobesoft Nexacro platform arbitrary file creation vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "NEXACRO17", "version": { "version_data": [ { "platform": "Windows", "version_affected": "<=", "version_name": "17.1.2.500", "version_value": "17.1.2.500" } ] } } ] }, "vendor_name": "TOBESOFT" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380", "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380" } ] }, "source": { "discovery": "UNKNOWN" } }