{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T11:20:26.361","vulnerabilities":[{"cve":{"id":"CVE-2021-26630","sourceIdentifier":"vuln@krcert.or.kr","published":"2022-05-19T15:15:07.740","lastModified":"2024-11-21T05:56:37.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation vulnerability in HANDY Groupware’s ActiveX moudle allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function."},{"lang":"es","value":"Una vulnerabilidad de comprobación de entrada inapropiada en el módulo ActiveX de HANDY Groupware permite a atacantes descargar o ejecutar archivos arbitrarios. Esta vulnerabilidad puede ser explotada usando la ruta de descarga o ejecución de archivos como el valor del parámetro de la función vulnerable"}],"metrics":{"cvssMetricV31":[{"source":"vuln@krcert.or.kr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vuln@krcert.or.kr","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.4.7","matchCriteriaId":"0B3EBC31-FAA9-4C1D-8412-A23517BC6B10"},{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0.0","versionEndExcluding":"2.0.3.7","matchCriteriaId":"86BDCB18-DEAE-45AC-9192-84B2050C9AF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:handysoft:groupware:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0.0","versionEndExcluding":"4.0.1.8","matchCriteriaId":"6F44BCC9-9AC7-4D80-9A9E-C0CD24D8C6E7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723","source":"vuln@krcert.or.kr","tags":["Third Party Advisory"]},{"url":"https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}