{"containers":{"cna":{"affected":[{"platforms":["Windows"],"product":"NEXACRO17","vendor":"TOBESOFT","versions":[{"lessThanOrEqual":"17.1.2.500","status":"affected","version":"17.1.2.500","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-11-30T18:39:25.000Z","orgId":"cdd7a122-0fae-4202-8d86-14efbacc2863","shortName":"krcert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380"}],"source":{"discovery":"UNKNOWN"},"title":"tobesoft Nexacro platform arbitrary file creation vulnerability","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"vuln@krcert.or.kr","ID":"CVE-2021-26612","STATE":"PUBLIC","TITLE":"tobesoft Nexacro platform arbitrary file creation vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"NEXACRO17","version":{"version_data":[{"platform":"Windows","version_affected":"<=","version_name":"17.1.2.500","version_value":"17.1.2.500"}]}}]},"vendor_name":"TOBESOFT"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An improper input validation leading to arbitrary file creation was discovered in copy method of Nexacro platform. Remote attackers use copy method to execute arbitrary command after the file creation included malicious code."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380","refsource":"MISC","url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T20:26:25.500Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36380"}]}]},"cveMetadata":{"assignerOrgId":"cdd7a122-0fae-4202-8d86-14efbacc2863","assignerShortName":"krcert","cveId":"CVE-2021-26612","datePublished":"2021-11-30T18:39:25.000Z","dateReserved":"2021-02-03T00:00:00.000Z","dateUpdated":"2024-08-03T20:26:25.500Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}