CVE-2021-20692

Published on: 04/07/2021 12:00:00 AM UTC

Last Modified on: 04/12/2021 05:47:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Certain versions of Archive Collectively Operation Utility from Eikisoft contain the following vulnerability:

Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier allows an attacker to create or overwrite files by leading a user to expand a malicious ZIP archives.

  • CVE-2021-20692 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: EikiSoft - Archive collectively operation utility version Ver.2.10.1.0 and earlier

CVSS3 Score: 7.1 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH HIGH

CVSS2 Score: 5.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL PARTIAL

CVE References

Description Tags Link
書庫一括操作ユーティリティにおけるディレクトリ・トラバーサルの脆弱性 | EikiSoft.com www.eikisoft.com
text/html
URL Logo MISC www.eikisoft.com/release01.html
JVN#73236007: Archive collectively operation utility vulnerable to directory traversal jvn.jp
text/xml
URL Logo MISC jvn.jp/en/jp/JVN73236007/index.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationEikisoftArchive Collectively Operation UtilityAllAllAllAll
  • cpe:2.3:a:eikisoft:archive_collectively_operation_utility:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-20692 : Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earli… twitter.com/i/web/status/1… 2021-04-07 07:26:41