CVE-2021-22855

CRITICAL

Soar Cloud System - Code Injection

Description

A specific function of the HR Portal of Soar Cloud System accepts any type of object for deserialization. Attackers can send malicious serialized objects to execute arbitrary commands.

Scores

CVSS v3 9.8
EPSS 0.0078
EPSS Percentile 73.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-502
Status published

Affected Products (1)

hr_portal_project/hr_portal

Timeline

Published Feb 17, 2021
Tracked Since Feb 18, 2026