go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::

Date:
Font-stze:

Soar Cloud System Co., Ltd. HR Portal - Broken Access Control

TVN ID TVN-202101007
CVE ID CVE-2021-22853
CVSS 5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected Products Soar Cloud System Co., Ltd. HR Portal version 7.3.2020.1013
Description The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
Solution Update to version 7.3.2020.1110
Credit TsungShu Chiu
Public Date 2021-02-17
Top