
Security Advisory

CVE-2021-26629 | tobesoft XPLATFORM Path Traversal Vulnerability
2022.04.26
□ Overview
 o tobesoft Co., Ltd. released a security update to address a path traversal vulnerability in XPLATFORM.
Vulnerability
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Path Traversal | arbitrary file creation | High | 8.1 | CVE-2021-26629 |

□ Description
 o A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation.
 o When an .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’.
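
The check an extractor needs before writing each archive entry, shown as an added example (not tobesoft's code and not part of the original advisory). The advisory does not describe the .xzip format, so the example works on entry names only; the function names, the destination directory and the sample names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS


def safe_target(dest_dir: str, entry_name: str) -> str:
    """Return the Windows path an archive entry would be written to.

    Raises ValueError when the entry would land outside dest_dir.
    dest_dir is assumed to be an absolute Windows path.
    """
    base = ntpath.normpath(dest_dir)

    # Drive-qualified ("D:\x", "C:x"), UNC ("\\host\share\x") and rooted
    # ("\Windows\x") names ignore the destination directory entirely.
    drive, rest = ntpath.splitdrive(entry_name)
    if drive or rest.startswith(("\\", "/")):
        raise ValueError(f"absolute entry name: {entry_name!r}")

    # normpath collapses "..\" and "../" segments (both are separators on
    # Windows), so the result is where the file would really be created.
    target = ntpath.normpath(ntpath.join(base, entry_name))

    # Compare case-insensitively and with a trailing separator so that a
    # sibling such as "C:\App\cache2" does not pass as "C:\App\cache".
    prefix = ntpath.normcase(base).rstrip("\\") + "\\"
    if not ntpath.normcase(target).startswith(prefix):
        raise ValueError(f"entry escapes {base!r}: {entry_name!r}")
    return target


def audit_entries(dest_dir, entry_names):
    """Split entry names into (accepted targets, rejected names)."""
    accepted, rejected = [], []
    for name in entry_names:
        try:
            accepted.append(safe_target(dest_dir, name))
        except ValueError:
            rejected.append(name)
    return accepted, rejected


# Constructed sample: entry names as they might be listed in an archive.
SAMPLE = [r"img\logo.png", r"..\out.txt", r"img\..\..\out.txt",
          "../out.txt", r"D:\out.txt", r"\\host\share\x", r"..\cache2\x"]

if __name__ == "__main__":
    ok, bad = audit_entries(r"C:\App\cache", SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
```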

□ Affected Product
Affected Product
| Product | Version | Platform |
|---|---|---|
| XPLATFORM | prior to 9.2.2.284 | Windows |

□ Solution
 o Update XPLATFORM to version 9.2.2.284 or higher.

□ Reference
 [1] https://www.tobesoft.com/product/Xplatform.do
 [2] http://docs.tobesoft.com/admin_guide_xplatform_ko#5f55812f84e589d

□ Etc
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ Written by: Vulnerability Analysis Team, Incident Analysis Division