TVN ID | TVN-202103001 |
---|---|
CVE ID | CVE-2021-28174 |
CVSS | 6.5 (Medium) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Affected Products | Mitake Smart Stock Selection System version 2020/06/23 or earlier |
Description | Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login. |
Solution | Update Mitake smart stock selection system to version 2020/12/23 or later. |
Credit | Jia-Rong Chen |
Public Date | 2021-04-08 |