Missing Support for Integrity Check

CVE-2021-26608

High

8.8/10

Summary

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-353 - Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References

Advisory Timeline

Published Sep 09, 2021

Missing Support for Integrity Check

CVE-2021-26608

Summary

CWE-353 - Missing Support for Integrity Check

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS