Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for eHRD by Sunnet
CVE-2021-43360 (GCVE-0-2021-43360)
Vulnerability from nvd – Published: 2021-12-01 02:00 – Updated: 2024-09-17 03:44
VLAI?
Title
Sunnet eHRD - Insecure Deserialization
Summary
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD e-mail delivery task schedule\u2019s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111008",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Insecure Deserialization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43360",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Insecure Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD e-mail delivery task schedule\u2019s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43360",
"datePublished": "2021-12-01T02:00:25.412Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:44:10.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43359 (GCVE-0-2021-43359)
Vulnerability from nvd – Published: 2021-12-01 02:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Sunnet eHRD - Broken Access Control
Summary
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111007",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43359",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43359",
"datePublished": "2021-12-01T02:00:23.979Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:15.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43358 (GCVE-0-2021-43358)
Vulnerability from nvd – Published: 2021-12-01 02:00 – Updated: 2024-09-17 02:21
VLAI?
Title
Sunnet eHRD - Path Traversal
Summary
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111006",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43358",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43358",
"datePublished": "2021-12-01T02:00:22.492Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:18.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10510 (GCVE-0-2020-10510)
Vulnerability from nvd – Published: 2020-03-27 07:35 – Updated: 2024-09-16 18:17
VLAI?
Title
Sunnet eHRD - Broken Access Control
Summary
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
Severity ?
8.1 (High)
CWE
- Broken Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:46.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10510",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10510",
"datePublished": "2020-03-27T07:35:24.288Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:17:54.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10509 (GCVE-0-2020-10509)
Vulnerability from nvd – Published: 2020-03-27 07:35 – Updated: 2024-09-16 20:07
VLAI?
Title
Sunnet eHRD - Cross-Site Scripting
Summary
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:51.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10509",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10509",
"datePublished": "2020-03-27T07:35:23.858Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:38.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10508 (GCVE-0-2020-10508)
Vulnerability from nvd – Published: 2020-03-27 07:35 – Updated: 2024-09-16 22:25
VLAI?
Title
Sunnet eHRD - Sensitive Data Exposure
Summary
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Severity ?
7.5 (High)
CWE
- Sensitive Data Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive Data Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:38.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10508",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Sensitive Data Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Data Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10508",
"datePublished": "2020-03-27T07:35:23.455Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:42.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43360 (GCVE-0-2021-43360)
Vulnerability from cvelistv5 – Published: 2021-12-01 02:00 – Updated: 2024-09-17 03:44
VLAI?
Title
Sunnet eHRD - Insecure Deserialization
Summary
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
Severity ?
8.8 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD e-mail delivery task schedule\u2019s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111008",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Insecure Deserialization",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43360",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Insecure Deserialization"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD e-mail delivery task schedule\u2019s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43360",
"datePublished": "2021-12-01T02:00:25.412Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:44:10.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43359 (GCVE-0-2021-43359)
Vulnerability from cvelistv5 – Published: 2021-12-01 02:00 – Updated: 2024-09-16 18:43
VLAI?
Title
Sunnet eHRD - Broken Access Control
Summary
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
Severity ?
8.8 (High)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111007",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43359",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5354-0aac0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43359",
"datePublished": "2021-12-01T02:00:23.979Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:15.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43358 (GCVE-0-2021-43358)
Vulnerability from cvelistv5 – Published: 2021-12-01 02:00 – Updated: 2024-09-17 02:21
VLAI?
Title
Sunnet eHRD - Path Traversal
Summary
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2021-11-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2021-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T02:00:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111006",
"discovery": "EXTERNAL"
},
"title": "Sunnet eHRD - Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-11-30T01:40:00.000Z",
"ID": "CVE-2021-43358",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-5353-4ebee-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update Sunnet eHRD version to 10"
}
],
"source": {
"advisory": "TVN-202111006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-43358",
"datePublished": "2021-12-01T02:00:22.492Z",
"dateReserved": "2021-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:18.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10510 (GCVE-0-2020-10510)
Vulnerability from cvelistv5 – Published: 2020-03-27 07:35 – Updated: 2024-09-16 18:17
VLAI?
Title
Sunnet eHRD - Broken Access Control
Summary
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
Severity ?
8.1 (High)
CWE
- Broken Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:46.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10510",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Broken Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Broken Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10510",
"datePublished": "2020-03-27T07:35:24.288Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:17:54.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10509 (GCVE-0-2020-10509)
Vulnerability from cvelistv5 – Published: 2020-03-27 07:35 – Updated: 2024-09-16 20:07
VLAI?
Title
Sunnet eHRD - Cross-Site Scripting
Summary
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:51.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Cross-Site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10509",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3449-c87d8-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10509",
"datePublished": "2020-03-27T07:35:23.858Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:38.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10508 (GCVE-0-2020-10508)
Vulnerability from cvelistv5 – Published: 2020-03-27 07:35 – Updated: 2024-09-16 22:25
VLAI?
Title
Sunnet eHRD - Sensitive Data Exposure
Summary
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Severity ?
7.5 (High)
CWE
- Sensitive Data Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2020-03-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "eHRD",
"vendor": "Sunnet",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"datePublic": "2020-03-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive Data Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T19:25:38.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sunnet eHRD - Sensitive Data Exposure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-03-27T07:00:00.000Z",
"ID": "CVE-2020-10508",
"STATE": "PUBLIC",
"TITLE": "Sunnet eHRD - Sensitive Data Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eHRD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8"
},
{
"version_affected": "=",
"version_value": "9"
}
]
}
}
]
},
"vendor_name": "Sunnet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Data Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/tw/cp-132-3448-76a35-1.html"
},
{
"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71",
"refsource": "CONFIRM",
"url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 10 or latest, or contact Sunnet for fixing patch."
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-10508",
"datePublished": "2020-03-27T07:35:23.455Z",
"dateReserved": "2020-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:42.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}