CVE-2020-3927
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CHANGING | ServiSign Windows versions | 0 <= 1.0.19.0617 | affected |
Weaknesses
- Arbitrary File Deletion
ADP Enrichment
CVE Program Container
Additional References
- https://tvn.twcert.org.tw/taiwanvn/TVN-201910007
- https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce
References
- https://tvn.twcert.org.tw/taiwanvn/TVN-201910007
- https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.