U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:tobesoft:nexacro:17.1.3.301:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2021-26625

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file.

Published: April 19, 2022; 5:15:12 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-26607

An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary command on affected systems.

Published: October 26, 2021; 9:15:07 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2019-19167

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Published: May 06, 2020; 9:15:12 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH