← Voltar para CVEs
CVE-2021-22855
CRITICAL9.8
Descricao
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/17/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
hr_portal_project:hr_portal
Fraquezas (CWE)
CWE-502CWE-502
Referencias
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html(twcert@cert.org.tw)
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e(af854a3a-2127-422b-91ae-364da2661108)
https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.