CVE-2021-3380

MEDIUM

ICREM H8 SSRMS - Insecure Direct Object Reference via Print Invoice Functionality

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3380. PoCs published by Mohammed Farhan.

AI-analyzed exploit summary: The exploit describes an Insecure Direct Object Reference (IDOR) vulnerability in H8 SSRMS, where modifying the 'id' parameter in QuotePrint.aspx allows unauthorized access to other users' details. The writeup provides specific steps to reproduce the issue but lacks technical depth such as code snippets or patch analysis.

Description

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.

Exploits (1)

exploitdb WRITEUP
by Mohammed Farhan · text · webapps · aspx
https://www.exploit-db.com/exploits/49508

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: H8 SSRMS
Auth required
Prerequisites: Authenticated access to the application · Navigation to the Payment Section
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Not Applicable, x_refsource_misc: http://height8.com
Not Applicable, x_refsource_misc: http://icrem.com
Vendor Advisory, x_refsource_misc: http://www.height8tech.com/carrier-grade-OSS-BSS.php
Exploit, Third Party Advisory, VDB Entry, x_refsource_misc: https://www.exploit-db.com/exploits/49508

Scores

CVSS v3 6.5
EPSS 0.0134
EPSS Percentile 67.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-639
Status published
Products (1)
height8tech/h8_ssrms
Published Nov 10, 2021
Tracked Since Feb 18, 2026