go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

ChanGate EnterPrise Co., Ltd property management system - Broken Authentication

TVN ID TVN-202101012
CVE ID CVE-2021-22858
CVSS 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products CGE property management system version 1.00
Description Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
Solution Update CGE property management system to the latest version.
Credit Jia-Rong Chen
Public Date 2021-02-17
Top