CVE-2021-36718

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-12-2021 09:15

Last modified: - 18-01-2023 07:02

Total changes: - 4

Description

SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

High

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

Reference

INCD CVE Advisories-Third Party Advisory

Keywords

CVE-2021-36718

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-36718

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures