CVE-2021-20786

EPSS 0.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Jul 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL.

Affected products

Japan Total System Co.,Ltd. · GroupSession

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://groupsession.jp/info/info-news/security202107 https://jvn.jp/en/jp/JVN86026700/index.html