RSS   Podatności dla 'Hr portal'   RSS

2021-02-17
 
CVE-2021-22855

CWE-502
 

 
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

 
 
CVE-2021-22854

CWE-89
 

 
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

 
 
CVE-2021-22853

CWE-269
 

 
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user??�??�??s login information, further causing the login function not to work.

 


Copyright 2024, cxsecurity.com

 

Back to Top