CVE-2021-22855

Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution

CVSS 9.8 CRITICAL | EPSS 2.0% | CWE-502
Vexday Risk Score
28 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8 | EPSS 2.0% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
17 Feb 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A specific function of the Soar Cloud System HR Portal accepts any type of object for deserialization. Attackers can send malicious serialized objects to execute arbitrary commands.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
