go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



SysJust CTS Web - Broken Authentication

TVN ID TVN-202105005
CVE ID CVE-2021-32543
CVSS 5.4 (Medium)
Affected Products SysJust CTS Web version released 2021.3.24
Description The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
Solution Update CTS to version released after 2021.3.24
Credit Jia-Rong Chen
Public Date 2021-05-28