Search
Find a vulnerability
Search criteria
2 vulnerabilities found for HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10 by HandySoft
CVE-2020-7804 (GCVE-0-2020-7804)
Vulnerability from nvd – Published: 2020-04-29 14:51 – Updated: 2024-08-04 09:41
VLAI
EPSS
VEX
Summary
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
Severity
6.4 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.handysoft.co.kr/product/product.html?seq=12 | x_refsource_CONFIRM |
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HandySoft | HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10 |
Affected:
1.7.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10",
"vendor": "HandySoft",
"versions": [
{
"status": "affected",
"version": "1.7.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T14:51:24.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10",
"version": {
"version_data": [
{
"version_value": "1.7.3.1"
}
]
}
}
]
},
"vendor_name": "HandySoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.handysoft.co.kr/product/product.html?seq=12",
"refsource": "CONFIRM",
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368",
"refsource": "CONFIRM",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7804",
"datePublished": "2020-04-29T14:51:24.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7804 (GCVE-0-2020-7804)
Vulnerability from cvelistv5 – Published: 2020-04-29 14:51 – Updated: 2024-08-04 09:41
VLAI
EPSS
VEX
Summary
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
Severity
6.4 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.handysoft.co.kr/product/product.html?seq=12 | x_refsource_CONFIRM |
| https://www.boho.or.kr/krcert/secNoticeView.do?bu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HandySoft | HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10 |
Affected:
1.7.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10",
"vendor": "HandySoft",
"versions": [
{
"status": "affected",
"version": "1.7.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T14:51:24.000Z",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HandySoft Groupware(HShell.dll) for for Windows 7, 8, 10",
"version": {
"version_data": [
{
"version_value": "1.7.3.1"
}
]
}
}
]
},
"vendor_name": "HandySoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.handysoft.co.kr/product/product.html?seq=12",
"refsource": "CONFIRM",
"url": "http://www.handysoft.co.kr/product/product.html?seq=12"
},
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368",
"refsource": "CONFIRM",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35368"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7804",
"datePublished": "2020-04-29T14:51:24.000Z",
"dateReserved": "2020-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:41:01.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}