sysjust 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and vendor risk ssrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-32543 | The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity. | [email protected] | 6.5 | 0.11% | 2021-05-28 | 2024-11-21 |
| CVE-2021-32542 | The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack. | [email protected] | 4.7 | 0.46% | 2021-05-28 | 2024-11-21 |
| CVE-2021-32541 | The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services | [email protected] | 5.3 | 0.35% | 2021-05-28 | 2024-11-21 |
| CVE-2020-3939 | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. | [email protected] | 6.1 | 0.30% | 2020-02-04 | 2024-11-21 |
| CVE-2020-3938 | SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests. | [email protected] | 9.8 | 0.36% | 2020-02-04 | 2024-11-21 |
| CVE-2020-3937 | SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, allowing attackers to perform unwanted SQL queries and access arbitrary file in the database. | [email protected] | 8.1 | 0.33% | 2020-02-04 | 2024-11-21 |