Jump to the main content block
  1. Home
  2. 公告資訊_Vulnerability Alert

【Vulnerability Alert】 Teamplus Technology Team+ Enterprise Private Cloud Communication and Collaboration Platform - SQL Injection

publish date : 2024-10-22 update date : 2024-10-22

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2024101809105959 Publication Time 2024/10/18 09:28
Incident Type ANA-Vulnerability Alert Discovery Time 2024/10/16 09:28
Impact Level Medium  
[Subject]
【Vulnerability Alert】 Teamplus Technology Team+ Enterprise Private Cloud Communication and Collaboration Platform - SQL Injection
[Content]
Forwarded from TWCERTCC-200-202410-00000002

On 2024-10-14, TWCERT/CC published TVN-202410001, CVE-2024-9921 (CVSS: 9.8 Critical). Teamplus Technology’s Team+ Enterprise Private Cloud Communication and Collaboration Platform does not properly validate specific page parameters. Unauthenticated remote attackers can inject arbitrary SQL commands to read, modify, and delete database content.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Team+ v13.5.x
[Recommended Actions]
Please update Team+ to version v14.0.0 or later.
[Reference]
Teamplus Technology Team+ Enterprise Private Cloud Communication and Collaboration Platform - SQL Injection: https://www.twcert.org.tw/tw/cp-132-8124-d9b92-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print