本ページは sun ehrd に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-43360 | Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | [email protected] | 8.8 | 2.33% | 2021-11-30 | 2026-06-17 |
| CVE-2021-43359 | Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | [email protected] | 8.8 | 2.39% | 2021-11-30 | 2026-06-17 |
| CVE-2021-43358 | Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | [email protected] | 7.5 | 2.29% | 2021-11-30 | 2026-06-17 |
| CVE-2020-10510 | Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. | [email protected] | 8.1 | 1.06% | 2020-03-27 | 2026-06-16 |
| CVE-2020-10509 | Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | [email protected] | 6.1 | 0.83% | 2020-03-27 | 2026-06-16 |
| CVE-2020-10508 | Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | [email protected] | 7.5 | 1.47% | 2020-03-27 | 2026-06-16 |