CVE-2021-32543

Published: May 28, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.

Affected (1)

Products: Sysjust: Cts Web

Sysjust

1 product

Cts Web

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sysjust Cts Web	Before 2021.3.24

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.