Aggregates CVE and security vulnerability intelligence across all hr_portal_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection, with potential vendor impact data exposure across vendor surface software deployment and vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-22855 | The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. | [email protected] | 9.8 | 1.97% | 2021-02-17 | 2026-06-16 |
| CVE-2021-22854 | The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. | [email protected] | 7.5 | 1.53% | 2021-02-17 | 2026-06-16 |
| CVE-2021-22853 | The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. | [email protected] | 5.4 | 1.00% | 2021-02-17 | 2026-06-16 |