CVE-2021-28174 - Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating

CVE-2021-28174

Summary

Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.

References

https://www.twcert.org.tw/tw/cp-132-4625-4ccc6-1.html

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

08-04-2021 - 11:26

Published

08-04-2021 - 04:15

Last modified

08-04-2021 - 11:26