{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T04:10:49.312","vulnerabilities":[{"cve":{"id":"CVE-2021-26608","sourceIdentifier":"vuln@krcert.or.kr","published":"2021-09-09T13:15:08.543","lastModified":"2024-11-21T05:56:34.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash."},{"lang":"es","value":"Se ha encontrado una vulnerabilidad de descarga y ejecución arbitraria de archivos en el módulo HShell.dll del groupware ActiveX de handysoft Co., Ltd. Este problema es debido a una falta de soporte para la comprobación de la integridad de la URL de descarga o del hash del archivo descargado"}],"metrics":{"cvssMetricV31":[{"source":"vuln@krcert.or.kr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vuln@krcert.or.kr","type":"Secondary","description":[{"lang":"en","value":"CWE-353"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:hshell:1.7.4.5:*:*:*:*:*:*:*","matchCriteriaId":"FB9DCED4-15F3-46A3-B119-FE1C2916E6CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:hshell:2.0.3.5:*:*:*:*:*:*:*","matchCriteriaId":"F5A2C99D-8FD6-4E9B-96F0-0649E6B6442A"},{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:hshell:4.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"79C4224E-0FD4-45FA-A2D1-7C06DE22B864"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239","source":"vuln@krcert.or.kr","tags":["Third Party Advisory"]},{"url":"https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36239","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}