Missing Support for Integrity Check

CVE-2020-7878

High

9.8/10

Summary

An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-353 - Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References

Advisory Timeline

Published Dec 28, 2021

Missing Support for Integrity Check

CVE-2020-7878

Summary

CWE-353 - Missing Support for Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS