Search criteria
12 vulnerabilities found for servisign by changingtec
CVE-2022-46306 (GCVE-0-2022-46306)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 16:29
VLAI?
Title
ChangingTec ServiSign - Path Traversal
Summary
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6802-4341b-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T16:29:06.841950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T16:29:15.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6802-4341b-1.html"
}
],
"source": {
"advisory": "TVN-202211005",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46306",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T16:29:15.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46305 (GCVE-0-2022-46305)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 16:29
VLAI?
Title
ChangingTec ServiSign - Path Traversal
Summary
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6801-bb704-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T16:29:25.926015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T16:29:34.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6801-bb704-1.html"
}
],
"source": {
"advisory": "TVN-202211004",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46305",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T16:29:34.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46304 (GCVE-0-2022-46304)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 17:46
VLAI?
Title
ChangingTec ServiSign - Command Injection
Summary
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
Severity ?
8.8 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T17:45:57.528186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T17:46:14.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign ",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html"
}
],
"source": {
"advisory": "TVN-202211003",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46304",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T17:46:14.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3927 (GCVE-0-2020-3927)
Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-16 22:55
VLAI?
Title
ServiSign Windows Versions- Arbitrary File Deletion
Summary
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity ?
8.3 (High)
CWE
- Arbitrary File Deletion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:58:51",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3927",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Arbitrary File Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3927",
"datePublished": "2020-02-03T11:00:31.635355Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T22:55:21.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3926 (GCVE-0-2020-3926)
Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-16 17:14
VLAI?
Title
ServiSign Windows Versions- Arbitrary File Access
Summary
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity ?
6.1 (Medium)
CWE
- Arbitrary File Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:58:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Arbitrary File Access",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3926",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Arbitrary File Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3926",
"datePublished": "2020-02-03T11:00:31.233534Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T17:14:45.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3925 (GCVE-0-2020-3925)
Vulnerability from nvd – Published: 2020-02-03 11:00 – Updated: 2024-09-17 03:22
VLAI?
Title
ServiSign Windows Versions- Remote Code Execution via LoadLibrary
Summary
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
Severity ?
8.3 (High)
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:55:42",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Remote Code Execution via LoadLibrary",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3925",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Remote Code Execution via LoadLibrary"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3925",
"datePublished": "2020-02-03T11:00:30.831250Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T03:22:58.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46306 (GCVE-0-2022-46306)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 16:29
VLAI?
Title
ChangingTec ServiSign - Path Traversal
Summary
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6802-4341b-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T16:29:06.841950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T16:29:15.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6802-4341b-1.html"
}
],
"source": {
"advisory": "TVN-202211005",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46306",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T16:29:15.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46304 (GCVE-0-2022-46304)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 17:46
VLAI?
Title
ChangingTec ServiSign - Command Injection
Summary
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
Severity ?
8.8 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T17:45:57.528186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T17:46:14.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign ",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6800-b5cf6-1.html"
}
],
"source": {
"advisory": "TVN-202211003",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46304",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T17:46:14.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46305 (GCVE-0-2022-46305)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 16:29
VLAI?
Title
ChangingTec ServiSign - Path Traversal
Summary
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Severity ?
6.5 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChangingTec | ServiSign |
Unknown:
0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6801-bb704-1.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T16:29:25.926015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T16:29:34.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ServiSign",
"vendor": "ChangingTec",
"versions": [
{
"status": "unknown",
"version": "0"
}
]
}
],
"datePublic": "2022-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-6801-bb704-1.html"
}
],
"source": {
"advisory": "TVN-202211004",
"discovery": "EXTERNAL"
},
"title": "ChangingTec ServiSign - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-46305",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-11-29T00:00:00.000Z",
"dateUpdated": "2025-04-10T16:29:34.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3927 (GCVE-0-2020-3927)
Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-16 22:55
VLAI?
Title
ServiSign Windows Versions- Arbitrary File Deletion
Summary
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity ?
8.3 (High)
CWE
- Arbitrary File Deletion
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:58:51",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Arbitrary File Deletion",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3927",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Arbitrary File Deletion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910007"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3927",
"datePublished": "2020-02-03T11:00:31.635355Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T22:55:21.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3926 (GCVE-0-2020-3926)
Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-16 17:14
VLAI?
Title
ServiSign Windows Versions- Arbitrary File Access
Summary
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Severity ?
6.1 (Medium)
CWE
- Arbitrary File Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary File Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:58:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Arbitrary File Access",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3926",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Arbitrary File Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary File Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910006"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3926",
"datePublished": "2020-02-03T11:00:31.233534Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T17:14:45.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3925 (GCVE-0-2020-3925)
Vulnerability from cvelistv5 – Published: 2020-02-03 11:00 – Updated: 2024-09-17 03:22
VLAI?
Title
ServiSign Windows Versions- Remote Code Execution via LoadLibrary
Summary
A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts.
Severity ?
8.3 (High)
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CHANGING | ServiSign Windows versions |
Affected:
0 , ≤ 1.0.19.0617
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ServiSign Windows versions",
"vendor": "CHANGING",
"versions": [
{
"lessThanOrEqual": "1.0.19.0617",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T15:55:42",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ServiSign Windows Versions- Remote Code Execution via LoadLibrary",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-02-03T10:00:00.000Z",
"ID": "CVE-2020-3925",
"STATE": "PUBLIC",
"TITLE": "ServiSign Windows Versions- Remote Code Execution via LoadLibrary"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ServiSign Windows versions",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "0",
"version_value": "1.0.19.0617"
}
]
}
}
]
},
"vendor_name": "CHANGING"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution(RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005",
"refsource": "MISC",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910005"
},
{
"name": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce",
"refsource": "MISC",
"url": "https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3925",
"datePublished": "2020-02-03T11:00:30.831250Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T03:22:58.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}