POSTING DATE: 2026/01/29

[VULNERABILITY ALERT] W-Bridge Information | Single Sign-On and Electronic Directory Service System - 2 Vulnerabilities Found

  • Subject: [VULNERABILITY ALERT] W-Bridge Information | Single Sign-On and Electronic Directory Service System - 2 Vulnerabilities Found


  • Content Description:
    • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center (TWCERTCC) Security Alert TWCERTCC-200-202601-00000023
    • [W-Bridge Information | Single Sign-On and Electronic Directory Service System - OS Command Injection]
    • (CVE-2026-1427, CVSS: 8.8) An OS Command Injection vulnerability exists in the Single Sign-On and Electronic Directory Service System. An authenticated remote attacker can inject and execute arbitrary operating system commands on the server.
    • [W-Bridge Information | Single Sign-On and Electronic Directory Service System - OS Command Injection]
    • (CVE-2026-1428, CVSS: 8.8) An OS Command Injection vulnerability exists in the Single Sign-On and Electronic Directory Service System. An authenticated remote attacker can inject and execute arbitrary operating system commands on the server.
  • Affected Platforms:
    • Electronic Directory Service System (V4) versions prior to IFTOP_P4_181 (exclusive)
  • Recommended Actions:
    • Update Electronic Directory Service System (V4) to version IFTOP_P4_181 or later.
  • Reference Material:
    1. https://www.twcert.org.tw/tw/cp-132-10654-23f40-1.html

Computer and Communication Center
Network Systems Division, Respectfully