go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

Vangene deltaFlow E-platform - Broken Authentication

TVN ID TVN-202102001
CVE ID CVE-2021-28171
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products Vangene deltaFlow E-platform version 4
Description The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.
Solution Update to version 7.7
Credit TsungShu Chiu
Public Date 2021-04-06
Top