go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution

TVN ID TVN-202101009
CVE ID CVE-2021-22855
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products Soar Cloud System Co., Ltd. HR Portal version 7.3.2020.1013
Description The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.
Solution Update to version 7.3.2020.1110
Credit TsungShu Chiu
Public Date 2021-02-17

Links

  1. CVE-2021-22855
  2. CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Human Resource Portal
Top