The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...
8.8CVSS
8.6AI Score
0.001EPSS
The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...
8.8CVSS
8.8AI Score
0.001EPSS
Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has...
7.8CVSS
7.6AI Score
0.0004EPSS
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as userβs login information, further causing the login function not to...
5.4CVSS
5.5AI Score
0.001EPSS
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without...
7.5CVSS
7.7AI Score
0.002EPSS
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary...
9.8CVSS
9.6AI Score
0.009EPSS
Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Unauthenticated users can escape outside of the restricted location (dot-dot-slash notation) to access files or directories that are elsewhere on the system. Through this vulnerability it is possible to read the application's java.....
7.5CVSS
7.4AI Score
0.008EPSS