Cross-Site Request Forgery Vulnerability in Ice Hrm by Ice Hrm
CVE-2021-34244

8.8HIGH

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
22 June 2021

What is CVE-2021-34244?

A significant cross-site request forgery (CSRF) vulnerability exists in the Ice Hrm software version 29.0.0.OS, enabling malicious actors to exploit this weakness to perform unauthorized actions. Specifically, attackers can potentially create new administrative accounts or modify existing users' passwords without proper authentication or consent. This flaw underscores the need for robust security measures to safeguard user accounts and sensitive data within web applications.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.