CVE-2021-36718
MEDIUMSYNEL eharmonynew and Synel Reports < 11.0 - Unauthenticated Default Credential Access and Sensitive Data Exposure
Title source: llmDescription
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.
References (1)
Core 1
Core References
Third Party Advisory third-party-advisory
x_refsource_cert
https://www.gov.il/en/departments/faq/cve_advisories
Scores
CVSS v3
6.1
EPSS
0.0055
EPSS Percentile
41.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (2)
synel/eharmonynew
< 11.0
synel/synel_reports
8.0.2
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026