go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Changing Information Technology Inc. RAVA certificate validation system - Path Traversal

TVN ID TVN-202209014
CVE ID CVE-2022-39058
CVSS 7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products Changing Information Technology Inc. RAVA certificate validation system v3
Description RAVA certification validation system has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Solution Contact tech support from Changing
Credit Vickey Tsai蔡馨儀 (Acer Cyber Security Inc., ACSI)
Public Date 2022-10-18
Top