Approved changes feed: RSS · Atom
cpe:2.3:a:changingtec:servisign:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Changingtec (18f21f46-eb93-56c8-9223-cca8102f6551) |
|---|---|
| Product | Servisign (5cd77de5-d364-5c50-b000-796de9e38467) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-46306 |
under_investigation | 2026-06-08 05:50:38.594676 |
ChangingTec ServiSign - Path Traversal
HIGH (8.8)
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:15.283Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46305 |
under_investigation | 2026-06-08 05:50:38.594212 |
ChangingTec ServiSign - Path Traversal
MEDIUM (6.5)
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:34.892Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46304 |
under_investigation | 2026-06-08 05:50:38.592933 |
ChangingTec ServiSign - Command Injection
HIGH (8.8)
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T17:46:14.271Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-3927 |
vulnerable | 2026-06-08 05:25:57.905992 |
ServiSign Windows Versions- Arbitrary File Deletion
HIGH (8.3)
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Published: 2020-02-03T11:00:31.635Z
Updated: 2024-09-16T22:55:21.477Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-3926 |
vulnerable | 2026-06-08 05:25:57.905598 |
ServiSign Windows Versions- Arbitrary File Access
MEDIUM (6.1)
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter.
Published: 2020-02-03T11:00:31.233Z
Updated: 2024-09-16T17:14:45.590Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-3925 |
vulnerable | 2026-06-08 05:25:57.905105 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.