{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T13:59:11.899","vulnerabilities":[{"cve":{"id":"CVE-2020-7874","sourceIdentifier":"vuln@krcert.or.kr","published":"2021-09-09T13:15:08.437","lastModified":"2026-06-17T03:25:35.293","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension."},{"lang":"es","value":"Una vulnerabilidad de descarga de código sin comprobación de integridad en el control ActiveX en tiempo de ejecución NEXACRO14 de tobesoft Co., Ltd permite al atacante causar una descarga y ejecución arbitraria de archivos. Esta vulnerabilidad es debido a que una comprobación de la URL de descarga de archivos o la extensión de los mismos es incompleta"}],"affected":[{"source":"vuln@krcert.or.kr","affectedData":[{"vendor":"TOBESOFT","product":"NEXACRO14","platforms":["Windows"],"versions":[{"version":"14.0.1.3600","lessThan":"14.0.1.3600","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vuln@krcert.or.kr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"vuln@krcert.or.kr","type":"Secondary","description":[{"lang":"en","value":"CWE-494"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-494"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tobesoft:nexacro:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0.0.0","versionEndExcluding":"14.0.1.3600","matchCriteriaId":"AB0F9E21-A4D4-43FD-B160-78E80F521E33"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235","source":"vuln@krcert.or.kr","tags":["Third Party Advisory"]},{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36235","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}