CVE-2021-22855
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Soar Cloud System Co., Ltd. | HR Portal | 0 7.3.2020.1013 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
- https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html
- https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e
References
- https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html
- https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.