7.3.2023.0705

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

scshr

NVD

Published: 2023-09-07

Updated: 2024-11-21

Summary

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.

Vulnerable Configurations

Part	Description	Count
Application	Scshr Scshr HR Portal 7.3.2023.0705 Scshr HR Portal 7.3.2023.0510	2

References

https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html
https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html