Missing Support for Integrity Check

CVE-2020-7810

High

8.8/10

Summary

hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-353 - Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References

Advisory Timeline

Published Aug 07, 2020

Missing Support for Integrity Check

CVE-2020-7810

Summary

CWE-353 - Missing Support for Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS