Description
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://tvn.twcert.org.tw/taiwanvn/TVN-201910006
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce
Scores
CVSS v3
6.1
EPSS
0.0145
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Details
CWE
CWE-552
Status
published
Products (1)
changingtec/servisign
< 1.0.19.0617
Published
Feb 03, 2020
Tracked Since
Feb 18, 2026