Vulnerability Details : CVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining a user ID, remote attackers can access sensitive data, such as the user's login information, via a specific data packet, further causing the login function not to work.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2021-22853
Probability of exploitation activity in the next 30 days: 0.11%
Percentile, the proportion of vulnerabilities that are scored at or less: ~44%
CVSS scores for CVE-2021-22853
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:P | 8.0 | 4.9 | NIST |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 | NIST |
5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 | TWCERT/CC |
CWE ids for CVE-2021-22853
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: twcert@cert.org.tw (Secondary)
References for CVE-2021-22853
- https://www.twcert.org.tw/tw/cp-132-4403-8eb68-1.html
  TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center - Soar Cloud HR Portal - Broken Access Control (Third Party Advisory)
- https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e
  CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Human Resource Portal | CHT Security Co., Ltd. (Third Party Advisory)
Products affected by CVE-2021-22853
- cpe:2.3:a:hr_portal_project:hr_portal:7.3.2020.1013:*:*:*:*:*:*:*