4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5313-45bde-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-11-19T00:00:00
Updated: 2021-11-19T09:05:12
Reserved: 2021-10-12T00:00:00
Link: CVE-2021-42338
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-19T09:15:06.683
Modified: 2022-08-09T14:40:43.893
Link: CVE-2021-42338
JSON object: View
Redhat Information
No data.