CVE-2021-43360: Sunnet eHRD - Insecure Deserialization
First published: Wed Dec 01 2021(Updated: )
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
Credit: twcert@cert.org.tw twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Ehrd | =8 | |
| Sun Ehrd | =9 | |
| =8 | ||
| =9 |
Remedy
Update Sunnet eHRD version to 10
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-43360?
CVE-2021-43360 is considered a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2021-43360?
To fix CVE-2021-43360, ensure that input validation is properly implemented for the serialization function in the affected software versions.
Who is affected by CVE-2021-43360?
CVE-2021-43360 affects users of Sunnet eHRD versions 8 and 9 that have database access privileges.
What type of attacks can be performed using CVE-2021-43360?
With CVE-2021-43360, an attacker can execute arbitrary code and potentially control the system or disrupt services.
Is CVE-2021-43360 a local or remote vulnerability?
CVE-2021-43360 is a remote vulnerability that requires the attacker to be post-authenticated with database access privileges.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/title
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/sun
- canonical/sun ehrd
- version/sun ehrd/8
- version/sun ehrd/9