CVE-2020-3938

EUVD-2020-25203
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
twcertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
sysjustsyuan-gu-da-shin
𝑥
< 20191223
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tvn.twcert.org.tw/taiwanvn/TVN-201910014
https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215
https://tvn.twcert.org.tw/taiwanvn/TVN-201910014
https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215