Auth Bypass Vulnerability in eHRD CTMS Allows Unauthorized Access
CVE-2024-10438

7.5HIGH

Key Information:

Vendor: Sunnet
Status: Ehrd Ctms
Vendor: CVE Published:; 28 October 2024

What is CVE-2024-10438?

The eHRD CTMS from Sunnet is subject to an authentication bypass vulnerability that allows attackers to gain unauthorized access to certain functionalities without proper authentication. By meeting specific conditions, unauthenticated remote attackers can exploit this vulnerability, posing significant security risks to the integrity of the system. Organizations using this product should prioritize patching and take necessary precautions to safeguard their systems against potential exploitation.

Affected Version(s)

eHRD CTMS 0 < 10.14

References

https://www.twcert.org.tw/tw/cp-132-8164-fe7c5-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html

third-party-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 28, 2024

CVE-2024-10438 Data

JSON