CVE-2020-3927
HIGHServiSign < 1.0.19.0617 - Arbitrary File Access via Crafted API Parameter
Title source: llmDescription
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://tvn.twcert.org.tw/taiwanvn/TVN-201910007
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/1179d48b-7609-4f67-9d7e-3bac2979c6ce
Scores
CVSS v3
8.3
EPSS
0.0118
EPSS Percentile
63.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-552
Status
published
Products (1)
changingtec/servisign
< 1.0.19.0617
Published
Feb 03, 2020
Tracked Since
Feb 18, 2026