Headline
CVE-2021-26629: KISA 인터넷 보호나라&KrCERT
A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘…\’.
Security Advisory
CVE-2021-26629 | tobesoft XPLATFORM Path Traversal Vulnerability
2022.04.26
□ Overview
o tobesoft Co., Ltd. released a security update to address a path traversal vulnerability in XPLATFORM.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Path Traversal | arbitrary file creation | High | 8.1 | CVE-2021-26629
□ Description
o A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation.
o When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘…\’.
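A defensive check for the flaw described above, as an added example (not tobesoft's code and not part of the advisory): it resolves each archive entry name under the extraction directory using Windows path rules and rejects any entry that would land outside it. The .xzip format itself is not parsed; the entry names, `DEST` and the function names are constructed for illustration.

```python
import ntpath  # Windows path semantics; importable on any OS for this check


def safe_target(dest_root: str, entry_name: str) -> str:
    """Resolve an archive entry under dest_root; raise ValueError if it escapes."""
    name = entry_name.replace("/", "\\")  # Windows accepts both separators
    # A colon marks a drive-qualified name (C:x) or an NTFS alternate data
    # stream; a leading backslash marks a rooted or UNC path.
    if not name or ":" in name or name.startswith("\\"):
        raise ValueError(f"absolute or drive-qualified entry: {entry_name!r}")
    root = ntpath.normpath(dest_root)
    # normpath collapses "..\" components, so the comparison is made on the
    # path the file system would actually open, not on the raw string.
    target = ntpath.normpath(ntpath.join(root, name))
    # commonpath compares whole components, so a sibling directory such as
    # C:\app\cachette is not mistaken for C:\app\cache.
    common = ntpath.commonpath([root, target])
    if ntpath.normcase(common) != ntpath.normcase(root):
        raise ValueError(f"entry escapes extraction directory: {entry_name!r}")
    return target


def check_entries(dest_root, names):
    """Split entry names into {name: resolved path} and a list of rejected names."""
    accepted, rejected = {}, []
    for name in names:
        try:
            accepted[name] = safe_target(dest_root, name)
        except ValueError:
            rejected.append(name)
    return accepted, rejected


DEST = "C:\\app\\cache"  # hypothetical extraction directory
SAMPLE_NAMES = [         # constructed entry names, not taken from a real archive
    "img\\logo.png",
    "lib\\..\\config.xml",       # contains ".." but still resolves inside DEST
    "..\\..\\outside.txt",
    "lib/../../outside.txt",     # same escape written with forward slashes
    "..\\cachette\\x.bin",       # sibling directory sharing a string prefix
    "C:\\Windows\\Temp\\x.bin",
    "\\\\host\\share\\x.bin",
    "notes.txt:hidden",
]

if __name__ == "__main__":
    ok, bad = check_entries(DEST, SAMPLE_NAMES)
    print("accepted:", ok)
    print("rejected:", bad)
```

An extractor would call `safe_target` for every entry before opening the output file and abort the whole extraction on the first rejection.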
□ Affected Product
Affected Product
Product | Version | Platform
XPLATFORM | prior to 9.2.2.280 | Windows
□ Solution
o Update the software to XPLATFORM version 9.2.2.291 or higher.
□ Reference
[1] https://www.tobesoft.com/product/Xplatform.do
[2] http://docs.tobesoft.com/admin_guide_xplatform_ko#5f55812f84e589d
□ Etc
o Thanks to Jeongun Baek for reporting this vulnerability.
□ Written by: Vulnerability Analysis Team, Incident Analysis Division