6 matches found

CVE
added 2020/03/27 8:15 a.m., 66 views

CVE-2020-10509

Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject an arbitrary command into the system and launch an XSS attack.

CVSS 6.1, AI score 6.1, EPSS 0.0024

CVE
added 2020/03/27 8:15 a.m., 61 views

CVE-2020-10508

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.

CVSS 7.5, AI score 7.5, EPSS 0.00316

CVE
added 2020/03/27 8:15 a.m., 58 views

CVE-2020-10510

Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data.

CVSS 8.1, AI score 6.8, EPSS 0.00218

CVE
added 2021/12/01 2:15 a.m., 38 views

CVE-2021-43359

Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.

CVSS 9, AI score 9.1, EPSS 0.01407

CVE
added 2021/12/01 2:15 a.m., 33 views

CVE-2021-43358

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.

CVSS 7.8, AI score 7.5, EPSS 0.00471

CVE
added 2021/12/01 2:15 a.m., 29 views

CVE-2021-43360

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services.

CVSS 9, AI score 9, EPSS 0.00643