【Vulnerability Alert】Allgenic Software | Timestamp Server (TSA) - Missing Authentication

publish date : 2025-09-16 update date : 2025-09-17

Source: Ministry of education information & communication security contingency platform

"" "" "" ""

Publication Number TACERT-ANA-2025090409095454 Publication Time 2025/09/04 09:40
Incident Type ANA-Vulnerability Alert Discovery Time 2025/09/04 09:40
Impact Level Low  
[Subject]
【Vulnerability Alert】Allgenic Software | Timestamp Server (TSA) - Missing Authentication
[Content]
Forwarded from TWCERTCC-200-202509-00000002 

【Allgenic Software | Timestamp Server (TSA) - Missing Authentication】(CVE-2025-8861, CVSS: 9.8) A Missing Authentication vulnerability exists in the Timestamp Server (TSA) developed by Allgenic Software, allowing unauthenticated remote attackers to use developer tools to read, modify, and delete database contents.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
The Timestamp Server (TSA) is affected only if purchased before February 6, 2025.
[Recommended Actions]
Contact the vendor to confirm whether the patch has been applied.
[Reference]
https://www.twcert.org.tw/tw/cp-132-10360-012e7-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center