CVE-2020-7866 HIGH

CVE-2020-7866: Tobesoft XPLATFORM Arbitrary Command Execution Vulnerability

Vendor Tobesoft
Product XPLATFORM
Weakness CWE-20 · Input validation
Published July 20, 2021
Last update August 4, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation

Key dates

02Disclosure timeline

July 20, 2021 CVE published
August 4, 2024 Record updated