CROWNIX Report & ERS Multiple Vulnerabilities Advisory (KVE-2024-0285/0286/0291)

From this webpage screenshot, the following key vulnerability information can be obtained: Vulnerability Information 1. CROWNIX 7 Inappropriate Input Handling Advisory (KVE-2024-0285) - Description: Unauthorized account access via short-term authentication tokens for all authenticated users when using API through ManagerService - Affected Versions: CROWNIX Report & ERS TX -> version 7.4.3.299, CROWNIX Report & ERS SX -> version 8.0.3.79 - Fixed Versions: CROWNIX Report & ERS TX -> version 7.4.3.361 or later, CROWNIX Report & ERS SX -> version 8.0.3.82 or later 2. CROWNIX 7 Buffer Overflow Vulnerability (KVE-2024-0286) - Description: Memory overflow and deletion in address book update function without authentication verification - Affected Versions: CROWNIX Report & ERS TX -> version 7.4.3.599, CROWNIX Report & ERS SX -> version 8.0.3.79 - Fixed Versions: CROWNIX Report & ERS TX -> version 7.4.3.601 or later, CROWNIX Report & ERS SX -> version 8.0.3.82 or later 3. CROWNIX Report/ERS 7 and 8 File Upload and Execution Vulnerability (KVE-2024-0291) - Description: Malicious file upload and execution possible - Affected Versions: CROWNIX Report & ERS SX -> 5.5.14.1070, CROWNIX Report & ERS TX -> 7.4.3.591, CROWNIX Report & ERS SX -> 8.2.0.346 - Fixed Versions: CROWNIX Report & ERS SX -> 5.5.14.1071 or later, CROWNIX Report & ERS TX -> 7.4.3.591 or later, CROWNIX Report & ERS SX -> 8.2.0.346 or later Additional Information Announcement Date: 2024-07-24 Contact Information: - Phone: 02-2188-8500 - Email: contact@m2soft.co.kr

Goal Reached Thanks to every supporter — we hit 100%!

CROWNIX Report & ERS Multiple Vulnerabilities Advisory (KVE-2024-0285/0286/0291)