Skip to main content

Human Capital Management

2 CVEs product

Monthly

CVE-2025-22953 CRITICAL Act Now

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Human Capital Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49577 MEDIUM This Month

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Human Capital Management
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Human Capital Management
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Human Capital Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy