go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

SysJust CTS Web - Broken Access Control

TVN ID TVN-202105003
CVE ID CVE-2021-32541
CVSS 5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products SysJust CTS Web version released 2021.3.24
Description The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services.
Solution Update CTS to version released after 2021.3.24
Credit Jia-Rong Chen
Public Date 2021-05-28
Top