CVE-2020-7882

Summary

Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')

Affected Software

VendorProductVersion RangeStatus
HancomwithanySign4PC1.1.1.0affected
HancomwithanySign4PC1.1.2.6affected
HancomwithanySign4PC1.1.2.7affected

Weaknesses

  • CWE-24: CWE-24 Path Traversal: '../filedir'

ADP Enrichment

CVE Program Container

Additional References

References