Command injection

2021-02-1714:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.5%

JSON

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

CPENameOperatorVersion
hr_portaleq7.3.2020.1013

CPE	Name	Operator	Version
	hr_portal	eq	7.3.2020.1013

References

www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html