Lucene search

TwcertCVELIST:CVE-2021-43360

HistoryDec 01, 2021 - 2:00 a.m.

CVE-2021-43360 Sunnet eHRD - Insecure Deserialization

2021-12-0102:00:25

CWE-502

twcert

www.cve.org

cve-2021-43360

sunnet ehrd

insecure deserialization

remote attacker

database access privilege

arbitrary code.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

CNA Affected

[
  {
    "product": "eHRD",
    "vendor": "Sunnet",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      },
      {
        "status": "affected",
        "version": "9"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5355-6e339-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.003

Percentile

69.1%

JSON

Related for CVELIST:CVE-2021-43360