Vulnerability Details CVE-2021-26629
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent path by using the path traversal pattern ‘..\’.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2021-26629
-
cpe:2.3:a:tobesoft:xplatform:-
-
cpe:2.3:a:tobesoft:xplatform:9.1
-
cpe:2.3:a:tobesoft:xplatform:9.2
-
cpe:2.3:a:tobesoft:xplatform:9.2.0
-
cpe:2.3:a:tobesoft:xplatform:9.2.1
-
cpe:2.3:a:tobesoft:xplatform:9.2.2
-
cpe:2.3:a:tobesoft:xplatform:9.2.2.250
-
cpe:2.3:a:tobesoft:xplatform:9.2.2.260
-
cpe:2.3:a:tobesoft:xplatform:9.2.2.270
-
cpe:2.3:a:tobesoft:xplatform:9.2.2.280
-
cpe:2.3:a:tobesoft:xplatform:9.2.2.80
-
cpe:2.3:o:microsoft:windows:-