
TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



SysJust CTS Web - Broken Access Control

TVN ID: TVN-202105003
CVE ID: CVE-2021-32541
CVSS: 5.3 (Medium)
Affected Products: SysJust CTS Web version released 2021.3.24
Description: Authentication and session management in the CTS Web transaction system are implemented incorrectly, which allows remote unauthenticated attackers to send a large number of valid usernames and force the logged-in accounts to log out, leaving those users unable to access the services.
Solution: Update CTS to a version released after 2021.3.24
Credit: Jia-Rong Chen
Public Date: 2021-05-28