HIGH 8.8
CVE-2020-17759
An issue was found in the Evernote client for Windows 10, 7, and 2008 in the protocol handler. This enables attackers for arbitrary command execution if the user clicks on a specially crafted URL. AKA: WINNOTE-19941.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.4%
percentile 63.4%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| evernote | evernote | Windows | — | cpe:2.3:a:evernote:evernote:6.17.7:*:*:*:*:windows:*:* |
| evernote | evernote | Windows | — | cpe:2.3:a:evernote:evernote:6.18:beta2:*:*:*:windows:*:* |