Vulnerability Details : CVE-2021-32541
Authentication and session management in the CTS Web transaction system are implemented incorrectly, which allows remote unauthenticated attackers to send a large number of valid usernames and force those logged-in accounts to log out, leaving the users unable to access the services.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-32541
- cpe:2.3:a:sysjust:cts_web:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32541
0.23%: probability of exploitation activity in the next 30 days
~61%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32541
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | TWCERT/CC | |
CWE ids for CVE-2021-32541
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-32541
- https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html
  TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center) - SysJust CTS Web Transaction System - Broken Access Control (Third Party Advisory)
- https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
  CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System | CHT Security Co., Ltd. (Third Party Advisory)