Skip to main content

Campus Recruiting

1 CVEs product

Monthly

CVE-2026-57912 HIGH PATCH This Week

Information disclosure in Johnson & Johnson's Campus Recruiting web application (versions prior to the 2025-10-31 fix) allows remote unauthenticated attackers to view sensitive data submitted by recruited students as well as private notes interviewers entered about those candidates. The flaw stems from the server relying on client-side restrictions rather than enforcing authorization server-side (CWE-602). No CISA KEV listing or formal exploit code is published, though an independent security researcher (Eaton Works) documented the issue in a public write-up.

Information Disclosure Campus Recruiting
NVD
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Johnson & Johnson's Campus Recruiting web application (versions prior to the 2025-10-31 fix) allows remote unauthenticated attackers to view sensitive data submitted by recruited students as well as private notes interviewers entered about those candidates. The flaw stems from the server relying on client-side restrictions rather than enforcing authorization server-side (CWE-602). No CISA KEV listing or formal exploit code is published, though an independent security researcher (Eaton Works) documented the issue in a public write-up.

Information Disclosure Campus Recruiting
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy