CVE-2021-32541
MEDIUMsysjust cts_web < 2021.3.24 - Unauthenticated Denial of Service via Forced Session Termination
Title source: llmDescription
The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4757-893eb-1.html
Third Party Advisory x_refsource_confirm
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
Scores
CVSS v3
5.3
EPSS
0.0151
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-287
Status
published
Products (1)
sysjust/cts_web
< 2021.3.24
Published
May 28, 2021
Tracked Since
Feb 18, 2026