← back
CVE-2021-41974

Tad Book3 - Improper Authorization

CVSS 9.1 CRITICALEPSS 1.2%CWE-285
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.1EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Oct 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
Tad · Tad Book3

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/tw/cp-132-5173-e21ba-1.html