{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T06:52:51.131","vulnerabilities":[{"cve":{"id":"CVE-2019-17322","sourceIdentifier":"vuln@krcert.or.kr","published":"2019-10-30T21:15:11.927","lastModified":"2026-06-17T02:23:43.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page."},{"lang":"es","value":"ClipSoft REXPERT versiones 1.0.0.527 y anteriores, permiten la creación de archivos arbitrarios por medio de una petición POST con el parámetro establecido en la ruta del archivo a ser escrito. Este puede ser un archivo ejecutable en el que es escrito en el directorio arbitrario. Una interacción del usuario es requerida para explotar esta vulnerabilidad, en la que el objetivo necesita visitar una página web maliciosa."}],"affected":[{"source":"vuln@krcert.or.kr","affectedData":[{"vendor":"ClipSoft","product":"REXPERT","versions":[{"version":"1.0.0.527 and earlier","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vuln@krcert.or.kr","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:clipsoft:rexpert:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.0.527","matchCriteriaId":"6BD97D10-9D7D-4EEB-BE55-3E13C447BE69"}]}]}],"references":[{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184","source":"vuln@krcert.or.kr","tags":["Third Party Advisory"]},{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}