5 matches found
EUVD-2019-8350
Malware in sbrugna...
CVE-2019-18626
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social...
Code injection
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social...
CVE-2019-18626
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social...
CVE-2019-18626
Affected product: Harris Ormed Self Service, prior to 2019.1.4. Vulnerability core: authenticated users can supply an arbitrary empNo to the URI RetrieveW2EntriesForEmployee under ORMEDMIS/Data/PY/T4W2Service.svc/ RetrieveW2EntriesForEmployee, leading to disclosure of W-2 forms and sensitive data...