Ehrd
CVE-2021-43359
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (cert) · only source for this CVE.
CVSS VectorVendor: cert
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
AnalysisAI
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. Affected products include: Sun Ehrd.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restrictio
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path trav
Sunnet eHRD, a human training and development management system, improperly stores system files. Rated high severity (CV
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. Rate
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), a
Share
External POC / Exploit Code
Leaving vuln.today