CVE-2020-10510 - Vulnerability Details - OpenCVE

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Ehrd

Configuration 1 [-]

OR	cpe:2.3:a:sun:ehrd:8:::::::*
	cpe:2.3:a:sun:ehrd:9:::::::*

No data.

References

Link	Providers
https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71
https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2020-03-27T07:35:24.288858Z

Updated: 2024-09-16T18:17:54.224Z

Reserved: 2020-03-12T00:00:00

Link: CVE-2020-10510

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-27T08:15:13.147

Modified: 2024-11-21T04:55:30.317

Link: CVE-2020-10510

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eHRD", "vendor": "Sunnet", "versions": [{"status": "affected", "version": "8"}, {"status": "affected", "version": "9"}]}], "datePublic": "2020-03-27T00:00:00", "descriptions": [{"lang": "en", "value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Broken Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-30T19:25:46", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"}], "solutions": [{"lang": "en", "value": "Update to version 10 or latest, or contact Sunnet for fixing patch."}], "source": {"discovery": "UNKNOWN"}, "title": "Sunnet eHRD - Broken Access Control", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2020-03-27T07:00:00.000Z", "ID": "CVE-2020-10510", "STATE": "PUBLIC", "TITLE": "Sunnet eHRD - Broken Access Control"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eHRD", "version": {"version_data": [{"version_affected": "=", "version_value": "8"}, {"version_affected": "=", "version_value": "9"}]}}]}, "vendor_name": "Sunnet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Broken Access Control"}]}]}, "references": {"reference_data": [{"name": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71", "refsource": "CONFIRM", "url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"}, {"name": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html", "refsource": "CONFIRM", "url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"}]}, "solution": [{"lang": "en", "value": "Update to version 10 or latest, or contact Sunnet for fixing patch."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:09.555Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2020-10510", "datePublished": "2020-03-27T07:35:24.288858Z", "dateReserved": "2020-03-12T00:00:00", "dateUpdated": "2024-09-16T18:17:54.224Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:ehrd:8:*:*:*:*:*:*:*", "matchCriteriaId": "4B27CBB3-B77F-470D-BA69-7CB2AB163B6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ehrd:9:*:*:*:*:*:*:*", "matchCriteriaId": "FD254F84-F0D2-497F-8DDC-4E1DB6958F80", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data."}, {"lang": "es", "value": "Sunnet eHRD, un sistema de gesti\u00f3n de desarrollo y capacitaci\u00f3n humana, contiene una vulnerabilidad de Control de Acceso Roto. Despu\u00e9s de iniciar sesi\u00f3n, atacantes pueden usar una URL espec\u00edfica, acceder a una funcionalidad y a datos no autorizados."}], "id": "CVE-2020-10510", "lastModified": "2024-11-21T04:55:30.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "twcert@cert.org.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-27T08:15:13.147", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.chtsecurity.com/news/30772cf1-2e7e-4afe-9282-b5a196b22e71"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-3450-69466-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}