CVE-2021-22854

high

Description

The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege.

References

Advisories

https://www.twcert.org.tw/tw/cp-132-4404-3f498-1.html

https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

Details

Source: Mitre, NVD

Published: 2021-02-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00387

Detections

Analytics