Description
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
References
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*
EPSS
Percentile: 73%
0.0078
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-502
Related vulnerabilities
GitHub
more than 3 years ago
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.