Search criteria
6 vulnerabilities found for CTS Web by SysJust
CVE-2021-32543 (GCVE-0-2021-32543)
Vulnerability from cvelistv5 – Published: 2021-05-28 08:10 – Updated: 2024-09-16 22:24
VLAI?
Title
SysJust CTS Web - Broken Authentication
Summary
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
Severity ?
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:29",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105005",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Broken Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32543",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Broken Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32543",
"datePublished": "2021-05-28T08:10:28.395920Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T22:24:59.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32542 (GCVE-0-2021-32542)
Vulnerability from cvelistv5 – Published: 2021-05-28 08:10 – Updated: 2024-09-16 19:05
VLAI?
Title
SysJust CTS Web - Reflected XSS
Summary
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users\u2019 connection token that triggered the attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:28",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105004",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32542",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Reflected XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users\u2019 connection token that triggered the attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32542",
"datePublished": "2021-05-28T08:10:27.711774Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T19:05:10.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32541 (GCVE-0-2021-32541)
Vulnerability from cvelistv5 – Published: 2021-05-28 08:10 – Updated: 2024-09-17 00:46
VLAI?
Title
SysJust CTS Web - Broken Access Control
Summary
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services
Severity ?
5.3 (Medium)
CWE
- None
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "None",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:27",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105003",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32541",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32541",
"datePublished": "2021-05-28T08:10:27.063232Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-17T00:46:15.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32543 (GCVE-0-2021-32543)
Vulnerability from nvd – Published: 2021-05-28 08:10 – Updated: 2024-09-16 22:24
VLAI?
Title
SysJust CTS Web - Broken Authentication
Summary
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
Severity ?
6.5 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:29",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105005",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Broken Authentication",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32543",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Broken Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32543",
"datePublished": "2021-05-28T08:10:28.395920Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T22:24:59.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32542 (GCVE-0-2021-32542)
Vulnerability from nvd – Published: 2021-05-28 08:10 – Updated: 2024-09-16 19:05
VLAI?
Title
SysJust CTS Web - Reflected XSS
Summary
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users\u2019 connection token that triggered the attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:28",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105004",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Reflected XSS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32542",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Reflected XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users\u2019 connection token that triggered the attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32542",
"datePublished": "2021-05-28T08:10:27.711774Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T19:05:10.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32541 (GCVE-0-2021-32541)
Vulnerability from nvd – Published: 2021-05-28 08:10 – Updated: 2024-09-17 00:46
VLAI?
Title
SysJust CTS Web - Broken Access Control
Summary
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services
Severity ?
5.3 (Medium)
CWE
- None
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CTS Web",
"vendor": "SysJust",
"versions": [
{
"lessThanOrEqual": "released 2021.3.25",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "None",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-21T10:25:27",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
],
"solutions": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105003",
"discovery": "EXTERNAL"
},
"title": "SysJust CTS Web - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-05-28T07:56:00.000Z",
"ID": "CVE-2021-32541",
"STATE": "PUBLIC",
"TITLE": "SysJust CTS Web - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CTS Web",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "released 2021.3.25"
}
]
}
}
]
},
"vendor_name": "SysJust"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html"
},
{
"name": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update CTS to version released after 2021.3.25"
}
],
"source": {
"advisory": "TVN-202105003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32541",
"datePublished": "2021-05-28T08:10:27.063232Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-17T00:46:15.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}