Hr Portal

hr_portal

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22855 1Hr Portal Project 1Hr Portal Nov 21, 2024 Feb 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
CVE-2021-22854 1Hr Portal Project 1Hr Portal Nov 21, 2024 Feb 17, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.
CVE-2021-22853 1Hr Portal Project 1Hr Portal Nov 21, 2024 Feb 17, 2021 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the log...Show more The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.Show less