go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Vangene deltaFlow E-platform - Broken Authentication

TVN ID TVN-202102001
CVE ID CVE-2021-28171
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products Vangene deltaFlow E-platform version 4
Description The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.
Solution Update to version 7.7
Credit TsungShu Chiu
Public Date 2021-04-06

Links

  1. CVE-2021-28171
  2. CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Workflow Platform
Top