exploitDog

GHSA-f6q3-hjwj-2j45

Опубликовано: 02 авг. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.

Ссылки

EPSS

Процентиль: 84%

0.02284

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2024-40721

CVSS3: 8.8

nvd

больше 1 года назад

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.

EPSS

Процентиль: 84%

0.02284

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-20