CVE-2021-22855

critical

Description

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

References

Advisories

https://www.twcert.org.tw/tw/cp-132-4405-2ddde-1.html

https://www.chtsecurity.com/news/d334641f-2b28-4eab-a5ed-c6ec6740557e

Details

Source: Mitre, NVD

Published: 2021-02-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0078

Detections

Analytics