CVE-2021-43358: Sunnet eHRD - Path Traversal
First published: Wed Dec 01 2021(Updated: )
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Credit: twcert@cert.org.tw twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Ehrd | =8 | |
| Sun Ehrd | =9 | |
| =8 | ||
| =9 |
Remedy
Update Sunnet eHRD version to 10
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-43358?
CVE-2021-43358 is considered to have a high severity due to its potential for remote exploitation and unauthorized access to sensitive files.
How do I fix CVE-2021-43358?
To fix CVE-2021-43358, ensure that you update Sunnet eHRD to the latest version that addresses the path traversal vulnerability.
What software versions are affected by CVE-2021-43358?
CVE-2021-43358 affects Sunnet eHRD versions 8 and 9.
Can CVE-2021-43358 be exploited without authentication?
Yes, CVE-2021-43358 allows attackers to exploit the vulnerability without requiring any authentication.
What type of attacks can be executed through CVE-2021-43358?
CVE-2021-43358 can be exploited to perform path traversal attacks, enabling access to restricted paths and system files.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/title
- agent/weakness
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/sun
- canonical/sun ehrd
- version/sun ehrd/8
- version/sun ehrd/9