History: Dec 08, 2021 - 7:25 p.m.

CVE-2021-36718 SYNEL - eharmonynew / Synel Reports version 8.0.2: Default credentials, Security miscommunication, Sensitive data exposure

2021-12-08 19:25:46
INCD
www.cve.org
cve-2021-36718
synel eharmonynew
synel reports
default credentials
security miscommunication
sensitive data exposure
employee name
employee id number
working hours
version 8.0.2
version 11

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 28.4%

SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report from the eharmony system containing sensitive data (employee name, employee ID number, working hours, etc.). The vulnerability has been addressed and fixed in version 11.

Default credentials, Security miscommunication, Sensitive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.

CNA Affected

[
  {
    "product": "Synel eharmonynew, Synel Reports",
    "vendor": "SYNEL ",
    "versions": [
      {
        "status": "affected",
        "version": "eharmonynew 8.0.2 "
      }
    ]
  }
]
