CVE-2021-28174 MEDIUM

CVE-2021-28174: Mitake Smart Stock Selection System - Broken Authentication

Vendor Mitake
Product Mitake Smart Stock Selection System
Weakness CWE-287 · Improper authentication
Published April 8, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login.

Key dates

02Disclosure timeline

April 8, 2021 CVE published
September 16, 2024 Record updated