Sep 07, 2023 - 3:15 a.m.

CVE-2023-34357

2023-09-07 03:15:08
CWE-640
web.nvd.nist.gov
soar cloud ltd.
hr portal
weak password recovery
forgotten password
cve-2023-34357
information security
vulnerability

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.6 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker who has access to the browser history or who has the link can thus use the URL again to change the password and take over the account.

Affected configurations

NVD
Node
scshr hr_portal Match 7.3.2023.0510
OR
scshr hr_portal Match 7.3.2023.0705

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HR Portal",
    "vendor": "Soar Cloud Ltd. ",
    "versions": [
      {
        "status": "affected",
        "version": "7.3.2023.0510"
      },
      {
        "status": "affected",
        "version": "7.3.2023.0705"
      }
    ]
  }
]
