CVE-2021-22860

EIC e-document system - Broken Authentication

CVSS 9.8 CRITICALEPSS 2.6%

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 2.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 mar 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Excellent Infotek Corporation · e-document system

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3 https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011 https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html