CVE-2024-10438

Published: Oct 28, 2024Modified: Sep 25, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

Affected (1)

Products: Sun.net: Ehrd Ctms

Sun.net

1 product

Ehrd Ctms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun.net Ehrd Ctms	Before 10.14

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (2)

https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html

Source: twcert@cert.org.tw

Third Party Advisory

Timeline

No history available yet.