go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



Mitake smart stock selection system - Broken Authentication

TVN ID TVN-202103001
CVE ID CVE-2021-28174
CVSS 6.5 (Medium)
Affected Products Mitake Smart Stock Selection System version 2020/06/23 or earlier
Description Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.
Solution Update Mitake smart stock selection system to version 2020/12/23 or later.
Credit Jia-Rong Chen
Public Date 2021-04-08