Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ServiSign Windows versions by CHANGING

    CVE-2020-3927 (GCVE-0-2020-3927)

    Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-16 22:55
    VLAI
    Title
    ServiSign Windows Versions- Arbitrary File Deletion
    Summary
    An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
    CWE
    • Arbitrary File Deletion
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Deletion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:58:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Arbitrary File  Deletion",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3927",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Arbitrary File  Deletion"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Deletion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3927",
        "datePublished": "2020-02-03T11:00:31.635Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:55:21.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3926 (GCVE-0-2020-3926)

    Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-16 17:14
    VLAI
    Title
    ServiSign Windows Versions- Arbitrary File Access
    Summary
    An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
    CWE
    • Arbitrary File Access
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:58:04.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Arbitrary File  Access",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3926",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Arbitrary File  Access"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3926",
        "datePublished": "2020-02-03T11:00:31.233Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:45.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3925 (GCVE-0-2020-3925)

    Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-17 03:22
    VLAI
    Title
    ServiSign Windows Versions- Remote Code Execution via LoadLibrary
    Summary
    A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:55:42.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Remote Code Execution via  LoadLibrary",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3925",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Remote Code Execution via  LoadLibrary"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3925",
        "datePublished": "2020-02-03T11:00:30.831Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:58.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3927 (GCVE-0-2020-3927)

    Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-16 22:55
    VLAI
    Title
    ServiSign Windows Versions- Arbitrary File Deletion
    Summary
    An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
    CWE
    • Arbitrary File Deletion
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Deletion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:58:51.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Arbitrary File  Deletion",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3927",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Arbitrary File  Deletion"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Deletion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3927",
        "datePublished": "2020-02-03T11:00:31.635Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:55:21.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3926 (GCVE-0-2020-3926)

    Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-16 17:14
    VLAI
    Title
    ServiSign Windows Versions- Arbitrary File Access
    Summary
    An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
    CWE
    • Arbitrary File Access
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary File Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:58:04.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Arbitrary File  Access",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3926",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Arbitrary File  Access"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Arbitrary File Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3926",
        "datePublished": "2020-02-03T11:00:31.233Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:45.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3925 (GCVE-0-2020-3925)

    Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-17 03:22
    VLAI
    Title
    ServiSign Windows Versions- Remote Code Execution via LoadLibrary
    Summary
    A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    CHANGING ServiSign Windows versions Affected: 0 , ≤ 1.0.19.0617 (custom)
    Create a notification for this product.
    Date Public
    2020-02-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:20.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ServiSign Windows versions",
              "vendor": "CHANGING",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.19.0617",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T15:55:42.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ServiSign Windows Versions- Remote Code Execution via  LoadLibrary",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
              "ID": "CVE-2020-3925",
              "STATE": "PUBLIC",
              "TITLE": "ServiSign Windows Versions- Remote Code Execution via  LoadLibrary"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ServiSign Windows versions",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "0",
                                "version_value": "1.0.19.0617"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CHANGING"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005",
                  "refsource": "MISC",
                  "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
                },
                {
                  "name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
                  "refsource": "MISC",
                  "url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3925",
        "datePublished": "2020-02-03T11:00:30.831Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:22:58.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }