Vulnerabilities > CVE-2021-43360 - Deserialization of Untrusted Data vulnerability in SUN Ehrd 8/9

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
sun
CWE-502
critical

Summary

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

Vulnerable Configurations

Part Description Count
Application
Sun
2

Common Weakness Enumeration (CWE)