Changingtec ServiSign
Approved changes feed: RSS · Atom
cpe:2.3:a:changingtec:servisign:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Changingtec (18f21f46-eb93-56c8-9223-cca8102f6551) |
|---|---|
| Product | Servisign (5cd77de5-d364-5c50-b000-796de9e38467) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-46306 |
vulnerable | 2026-06-08 05:50:38.594800 |
ChangingTec ServiSign - Path Traversal
HIGH (8.8)
ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:15.283Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46305 |
vulnerable | 2026-06-08 05:50:38.594355 |
ChangingTec ServiSign - Path Traversal
MEDIUM (6.5)
ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T16:29:34.892Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46304 |
vulnerable | 2026-06-08 05:50:38.593811 |
ChangingTec ServiSign - Command Injection
HIGH (8.8)
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service.
Published: 2023-01-03T00:00:00.000Z
Updated: 2025-04-10T17:46:14.271Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.