3 matches found
CVE-2021-22855
CVE-2021-22855 affects the HR Portal of Soar Cloud System, where the deserialization function accepts any object type, enabling execution of arbitrary commands. According to NVD data, this is a remote, high-severity issue (CVSS v3.1: 9.8, CRITICAL; CVSS v2.0: 7.5, HIGH) with network access, low a...
CVE-2021-22854
The CVE-2021-22854 entry concerns the Soar Cloud System HR Portal, where input parameter filtering failures enable an SQL injection in the HR portal. The root cause is inadequate validation of parameters, allowing remote attackers to inject SQL syntax and retrieve all database data without privil...
CVE-2021-22853
CVE-2021-22853 affects the Soar Cloud System HR Portal. The vulnerability is a broken access control that, when obtaining a user ID, allows remote attackers to access sensitive data via a specific data packet (for example, user login information) and can cause the login function to fail. The docu...