CVE-2019-16106 — HIGH (7.5)

Vulnerability Description

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Humanica	Humatrix	1.0.0.681

Related Weaknesses (CWE)

CWE-276

References

https://gist.github.com/suphapholt/5bac4f5cabadfc44746e2bc93c1be91dThird Party Advisory
https://www.humatrix7.com/sunfish5/ehrm/humanica/recruitment_online/personalDataBroken Link
https://gist.github.com/suphapholt/5bac4f5cabadfc44746e2bc93c1be91dThird Party Advisory
https://www.humatrix7.com/sunfish5/ehrm/humanica/recruitment_online/personalDataBroken Link

FAQ

What is CVE-2019-16106?

CVE-2019-16106 is a vulnerability with a CVSS score of 7.5 (HIGH). The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm tx...

How severe is CVE-2019-16106?

CVE-2019-16106 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-16106?

Check the references section above for vendor advisories and patch information. Affected products include: Humanica Humatrix.