Tobesoft XPLATFORM 9.2.2.270

CPE Details

Tobesoft XPLATFORM 9.2.2.270
tobesoft
xplatform
9.2.2.270
2021-07-26
11h58 +00:00
2021-09-30
15h10 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:tobesoft:xplatform:9.2.2.270:*:*:*:*:*:*:*

Informations

Vendor

tobesoft

Product

xplatform

Version

9.2.2.270

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-26629 2022-04-26 16h17 +00:00 A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
8.8
Haute
CVE-2021-26626 2022-04-19 18h26 +00:00 Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.
8.8
Haute
CVE-2020-7866 2021-07-20 08h12 +00:00 When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation
9.8
Critique
CVE-2020-7857 2021-04-20 17h56 +00:00 A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280.
9.8
Critique