CVE Vulnerability

CVE-2021-22860

EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html Third Party Advisory
https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011 Third Party Advisory
https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:eic:e-document_system:2.9:*:*:*:*:*:*:*
Information

Published : 2021-03-17 09:15

Updated : 2021-03-23 03:35

NVD link : CVE-2021-22860

Mitre link : CVE-2021-22860

Products Affected
No products.
CWE
CWE-287