Lucene search

TwcertCVELIST:CVE-2021-22855

HistoryFeb 17, 2021 - 12:00 a.m.

CVE-2021-22855 Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution

2021-02-1700:00:00

CWE-502

twcert

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

CNA Affected

[
  {
    "product": "HR Portal",
    "vendor": "Soar Cloud System Co., Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "0 7.3.2020.1013"
      }
    ]
  }
]

References

www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

Related for CVELIST:CVE-2021-22855