CVE-2024-40721 HIGH

CVE-2024-40721: CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation

Vendor Changing Information Technology
Product TCBServiSign Windows Version
Weakness CWE-20 · Input validation
Published August 2, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.

Key dates

02Disclosure timeline

August 2, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-9507 Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation CVE-2023-6738 PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields CVE-2022-30232 CVE-2023-45161 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution