Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Filtered by product Ehrd
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43360 1 Sun 1 Ehrd 2024-11-21 9.0 HIGH 8.8 HIGH
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
CVE-2021-43359 1 Sun 1 Ehrd 2024-11-21 9.0 HIGH 8.8 HIGH
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVE-2021-43358 1 Sun 1 Ehrd 2024-11-21 7.8 HIGH 7.5 HIGH
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
CVE-2020-10510 1 Sun 1 Ehrd 2024-11-21 4.0 MEDIUM 8.1 HIGH
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
CVE-2020-10509 1 Sun 1 Ehrd 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
CVE-2020-10508 1 Sun 1 Ehrd 2024-11-21 5.0 MEDIUM 7.5 HIGH
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.