Vulnerabilities > SUN > Ehrd > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-01 | CVE-2021-43358 | Path Traversal vulnerability in SUN Ehrd 8/9 Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | 7.5 |
| 2021-12-01 | CVE-2021-43359 | Unspecified vulnerability in SUN Ehrd 8/9 Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | 8.8 |
| 2021-12-01 | CVE-2021-43360 | Deserialization of Untrusted Data vulnerability in SUN Ehrd 8/9 Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | 8.8 |
| 2020-03-27 | CVE-2020-10508 | Unspecified vulnerability in SUN Ehrd 8/9 Sunnet eHRD, a human training and development management system, improperly stores system files. | 7.5 |