Lucene search

[email protected]NVD:CVE-2021-22853

HistoryFeb 17, 2021 - 2:15 p.m.

CVE-2021-22853

2021-02-1714:15:19

CWE-284

[email protected]

web.nvd.nist.gov

hr portal

soar cloud system

access control

unauthorized data access

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

45.2%

JSON

The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.

Affected configurations

Nvd

Node

hr_portal_projecthr_portalMatch7.3.2020.1013

VendorProductVersionCPE
hr_portal_projecthr_portal7.3.2020.1013cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hr_portal_project	hr_portal	7.3.2020.1013	cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:::::::*

References

www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

www.twcert.org.tw/tw/cp-132-4403-8eb68-1.html

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

EPSS

0.001

Percentile

45.2%

JSON

Related for NVD:CVE-2021-22853

cvelist1 prion1 cve1