CVE-2021-26605
Discription

An improper input validation vulnerability in the service of ezPDFReader allows attacker to execute arbitrary command. This issue occurred when the ezPDF launcher received and executed crafted input values through JSON-RPC communication.Read More

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36168

7.5 High

CVSS2

  • Access Vector
  • Access Complexity
  • Authentication
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Low
  • None
  • Partial
  • Partial
  • Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 Critical

CVSS3

  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Low
  • None
  • None
  • Unchanged
  • High
  • High
  • High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Back to Main
Subscribe for the latest news: