CVE-2020-7831

Summary

A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however.

Affected Software

VendorProductVersion RangeStatus
INOGARDEbiz4u CViewer Object AxECM.dllCViewer Object <= 1.0.5.1affected

Weaknesses

  • CWE-494: CWE-494 Download of Code Without Integrity Check

ADP Enrichment

CVE Program Container

Additional References

References