Soar Cloud System Co Ltd Hr Portal vulnerabilities
3 known vulnerabilities affecting soar_cloud_system_co_ltd/hr_portal.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-22855P2CRITICALCVSS 9.8v0 7.3.2020.10132021-02-17
CVE-2021-22855 [CRITICAL] CWE-502 CVE-2021-22855: The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialize
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
nvd
CVE-2021-22854P3HIGHCVSS 7.5v0 7.3.2020.10132021-02-17
CVE-2021-22854 [HIGH] CWE-89 CVE-2021-22854: The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
nvd
CVE-2021-22853P4MEDIUMCVSS 5.4v0 7.3.2020.10132021-02-17
CVE-2021-22853 [MEDIUM] CWE-284 CVE-2021-22853: The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote a
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
nvd