Sunnet eHRD - Insecure Deserialization
CVE-2021-43360

8.8HIGH

Key Information:

Vendor

Sunnet

Status
Ehrd
Vendor
CVE Published:
1 December 2021

What is CVE-2021-43360?

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

Affected Version(s)

eHRD 8

eHRD 9

References

https://www.twcert.org.tw/tw/cp-132-5355-6e339-1.html
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.