CVE-2020-7882

critical

Description

Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36344

Details

Source: Mitre, NVD

Published: 2021-11-22

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00386

Detections

Analytics