CVE-2021-32543
MEDIUMsysjust cts_web < 2021.3.24 - Improper Authentication via Cookie Manipulation
Title source: llmDescription
The CTS Web transaction system related to authentication management is implemented incorrectly. After login, remote attackers can manipulate cookies to access other accounts and trade in the stock market with spoofed identity.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4759-92eab-1.html
Third Party Advisory x_refsource_confirm
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
Scores
CVSS v3
6.5
EPSS
0.0076
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (1)
sysjust/cts_web
< 2021.3.24
Published
May 28, 2021
Tracked Since
Feb 18, 2026