Vulnerabilities > Icehrm

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-22	CVE-2021-35046	Session Fixation vulnerability in Icehrm 29.0.0.Os A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. network low complexity icehrm CWE-384	6.1
2020-07-10	CVE-2020-6114	SQL Injection vulnerability in Icehrm 26.6.0.Os An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . network low complexity icehrm CWE-89	7.2
2020-02-18	CVE-2020-9271	Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. network low complexity icehrm CWE-352	6.5
2020-02-18	CVE-2020-9270	Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. network low complexity icehrm CWE-352	8.8
2018-06-14	CVE-2018-12420	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. network low complexity icehrm CWE-327	7.5

Vulnerabilities > Icehrm {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Icehrm"}]}