Описание
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
Уязвимые конфигурации
Конфигурация 1Версия до 2019.1.4 (исключая)
cpe:2.3:a:harriscomputer:ormed_mis:*:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.0035
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
github
больше 3 лет назад
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
EPSS
Процентиль: 57%
0.0035
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639