CVE-2021-32541

The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
twcertCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
sysjustcts_web
𝑥
< 2021.3.24
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html