Approved changes feed: RSS · Atom

cpe:2.3:a:changingtec:servisign:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorChangingtec (18f21f46-eb93-56c8-9223-cca8102f6551)
ProductServisign (5cd77de5-d364-5c50-b000-796de9e38467)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-46306 under_investigation 2026-06-08 05:50:38.594676 ChangingTec ServiSign - Path Traversal
HIGH (8.8)
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:15.283Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-46305 under_investigation 2026-06-08 05:50:38.594212 ChangingTec ServiSign - Path Traversal
MEDIUM (6.5)
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:34.892Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-46304 under_investigation 2026-06-08 05:50:38.592933 ChangingTec ServiSign - Command Injection
HIGH (8.8)
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T17:46:14.271Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-3927 vulnerable 2026-06-08 05:25:57.905992 ServiSign Windows Versions- Arbitrary File Deletion
HIGH (8.3)
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Published: 2020-02-03T11:00:31.635Z
Updated: 2024-09-16T22:55:21.477Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-3926 vulnerable 2026-06-08 05:25:57.905598 ServiSign Windows Versions- Arbitrary File Access
MEDIUM (6.1)
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Published: 2020-02-03T11:00:31.233Z
Updated: 2024-09-16T17:14:45.590Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-3925 vulnerable 2026-06-08 05:25:57.905105 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.