Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2021-12-01 CVE-2021-43358 Path Traversal vulnerability in SUN Ehrd 8/9
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
network
low complexity
sun CWE-22
7.8
2021-12-01 CVE-2021-43359 Unspecified vulnerability in SUN Ehrd 8/9
Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
network
low complexity
sun
critical
9.0
2021-12-01 CVE-2021-43360 Deserialization of Untrusted Data vulnerability in SUN Ehrd 8/9
The serialization function of the Sunnet eHRD e-mail delivery task schedule has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services.
network
low complexity
sun CWE-502
critical
9.0
2020-03-27 CVE-2020-10510 Improper Input Validation vulnerability in SUN Ehrd 8/9
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control.
network
low complexity
sun CWE-20
4.0
2020-03-27 CVE-2020-10509 Cross-site Scripting vulnerability in SUN Ehrd 8.0/9.0
Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch XSS attacks.
network
sun CWE-79
4.3
2020-03-27 CVE-2020-10508 Information Exposure vulnerability in SUN Ehrd 8/9
Sunnet eHRD, a human training and development management system, improperly stores system files.
network
low complexity
sun CWE-200
5.0
2015-01-21 CVE-2015-0430 Local Security vulnerability in Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
local
sun
1.9
2015-01-21 CVE-2015-0429 Local Security vulnerability in Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.
local
sun
3.3
2015-01-21 CVE-2015-0428 Local Security vulnerability in Oracle Solaris
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.
local
low complexity
sun
4.9
2015-01-21 CVE-2015-0397 Local Security vulnerability in SUN Sunos 5.11
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.
local
low complexity
sun
2.1