History: Dec 01, 2021 - 2:00 a.m.

CVE-2021-43358 Sunnet eHRD - Path Traversal

2021-12-01 02:00:22
CWE-22
twcert
www.cve.org

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.005
Percentile: 76.2%

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.

CNA Affected

[
  {
    "product": "eHRD",
    "vendor": "Sunnet",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      },
      {
        "status": "affected",
        "version": "9"
      }
    ]
  }
]
