Lucene search

[email protected]NVD:CVE-2021-22854

HistoryFeb 17, 2021 - 2:15 p.m.

CVE-2021-22854

2021-02-1714:15:19

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

hr portal

soar cloud system

remote attackers

database vulnerability

cve-2021-22854

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.1%

JSON

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

Affected configurations

Nvd

Node

hr_portal_projecthr_portalMatch7.3.2020.1013

VendorProductVersionCPE
hr_portal_projecthr_portal7.3.2020.1013cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hr_portal_project	hr_portal	7.3.2020.1013	cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:::::::*

References

www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

www.twcert.org.tw/tw/cp-132-4404-3f498-1.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

59.1%

JSON

Related for NVD:CVE-2021-22854

cve1 prion1 cvelist1