CVE-2020-3938 - OpenCVE

SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sysjust	Syuan-gu-da-shin

Configuration 1 [-]

cpe:2.3:a:sysjust:syuan-gu-da-shin:*:*:*:*:*:*:*:*

References

Link	Resource
https://tvn.twcert.org.tw/taiwanvn/TVN-201910014	Third Party Advisory
https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2020-02-04T00:00:00

Updated: 2020-02-17T16:10:59

Reserved: 2019-12-20T00:00:00

Link: CVE-2020-3938

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-04T05:15:11.353

Modified: 2022-05-24T20:58:41.140

Link: CVE-2020-3938

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "Syuan-Gu-Da-Shih", "vendor": "CHANGING", "versions": [{"lessThanOrEqual": "20191223", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2020-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Request-Forgery", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-17T16:10:59", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910014"}, {"tags": ["x_refsource_MISC"], "url": "https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215"}], "solutions": [{"lang": "en", "value": "Fixed, update to version > 20191223"}], "source": {"discovery": "EXTERNAL"}, "title": "SysJust Syuan-Gu-Da-Shih -Request-Forgery", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-02-04T05:00:00.000Z", "ID": "CVE-2020-3938", "STATE": "PUBLIC", "TITLE": "SysJust Syuan-Gu-Da-Shih -Request-Forgery"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Syuan-Gu-Da-Shih", "version": {"version_data": [{"version_affected": "<=", "version_name": "0", "version_value": "20191223"}]}}]}, "vendor_name": "CHANGING"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Request-Forgery"}]}]}, "references": {"reference_data": [{"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910014", "refsource": "MISC", "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910014"}, {"name": "https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215", "refsource": "MISC", "url": "https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215"}]}, "solution": [{"lang": "en", "value": "Fixed, update to version > 20191223"}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2020-3938", "datePublished": "2020-02-04T00:00:00", "dateReserved": "2019-12-20T00:00:00", "dateUpdated": "2020-02-17T16:10:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sysjust:syuan-gu-da-shin:*:*:*:*:*:*:*:*", "matchCriteriaId": "559F9432-595A-442D-9CB0-061662013670", "versionEndExcluding": "20191223", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Request Forgery, allowing attackers to launch inquiries into network architecture or system files of the server via forged inquests."}, {"lang": "es", "value": "SysJust Syuan-Gu-Da-Shih, versiones anteriores a 20191223, contienen vulnerabilidad de tipo Request Forgery, permitiendo a atacantes iniciar consultas sobre la arquitectura de la red o los archivos de sistema del servidor por medio de investigaciones falsificadas."}], "id": "CVE-2020-3938", "lastModified": "2022-05-24T20:58:41.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2020-02-04T05:15:11.353", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201910014"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.chtsecurity.com/news/a791f509-9782-4be1-b71f-22fc619f8215"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}