CVE-2021-22860

EPSS 0.91%
Veröffentlicht 17.03.2021 09:15:12
Zuletzt bearbeitet 21.11.2024 05:50:46
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eic ≫ E-document System Version2.9

Eic ≫ E-document System Version3.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.737

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3

Third Party Advisory

https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-22860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22860

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-22860