Vulnerability Description
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eic | E-Document System | 2.9 |
Related Weaknesses (CWE)
References
- https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3Third Party Advisory
- https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.htmlThird Party Advisory
- https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3Third Party Advisory
- https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.htmlThird Party Advisory
FAQ
What is CVE-2021-22860?
CVE-2021-22860 is a vulnerability with a CVSS score of 9.8 (CRITICAL). EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information withou...
How severe is CVE-2021-22860?
CVE-2021-22860 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22860?
Check the references section above for vendor advisories and patch information. Affected products include: Eic E-Document System.