Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hr_portal
(Hr_portal_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-17 | CVE-2021-22853 | The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. | Hr_portal | 5.4 | ||
| 2021-02-17 | CVE-2021-22854 | The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | Hr_portal | 7.5 | ||
| 2021-02-17 | CVE-2021-22855 | The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. | Hr_portal | 9.8 |