CVE-2021-45222
HIGHCOINS Construction Cloud 11.12 - Privilege Escalation via HR Interface
Title source: llmDescription
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.
References (3)
Core 3
Core References
Patch, Product, Vendor Advisory x_refsource_misc
https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview
Exploit, Third Party Advisory x_refsource_misc
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-029.txt
Third Party Advisory x_refsource_misc
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053
Scores
CVSS v3
8.8
EPSS
0.0151
EPSS Percentile
71.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
coins-global/coins_construction_cloud
11.12
Published
Jan 24, 2022
Tracked Since
Feb 18, 2026