← Volver a CVEs
CVE-2021-22855
CRITICAL9.8
Descripcion
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/17/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
hr_portal_project:hr_portal
Debilidades (CWE)
CWE-502CWE-502
Referencias
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html(twcert@cert.org.tw)
https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e(af854a3a-2127-422b-91ae-364da2661108)
https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.