【Vulnerability Alert】Borg Technology｜Borg SPM 2007 - Three Vulnerabilities Identified

• Subject: 【Vulnerability Alert】Borg Technology｜Borg SPM 2007 - Three Vulnerabilities Identified

• Description:
  • Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert: TWCERTCC-200-202604-00000026
  • 【Borg Technology｜Borg SPM 2007 - Arbitrary File Upload】(CVE-2026-6885, CVSS: 9.8) An unauthenticated remote attacker can upload and execute web backdoors, thereby executing arbitrary code on the server side.
  • 【Borg Technology｜Borg SPM 2007 - Authentication Bypass】(CVE-2026-6886, CVSS: 9.8) An unauthenticated remote attacker can log into the system as any user.
  • 【Borg Technology｜Borg SPM 2007 - SQL Injection】(CVE-2026-6887, CVSS: 9.8) An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • Borg SPM 2007 (Discontinued in 2008)
• Recommended Actions:
  • Regardless of the system version, customers with active maintenance contracts should contact the vendor for assistance with patching or upgrade to the latest system version (SPM2025 SP1 has passed source code security audits).
  • For users without a maintenance contract who continue to use this version of the system, please contact the vendor to discuss follow-up handling.
• Reference Materials:
  1. https://www.twcert.org.tw/tw/cp-132-10861-b8709-1.html

Computer and Communication Center
Network Systems Division