Описание
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00265
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
EPSS
Процентиль: 50%
0.00265
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other