Sunnet

Source - CNA
BOS Name - N/A
CNA CVEs - 10
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0

10 Vulnerabilities found

CVE-2025-3707
Assigner-TWCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.97%
7 Day CHG~0.00%
Published-02 May, 2025 | 02:50
Updated-07 May, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD CTMS - SQL Injection

The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents.

Action-Not Available
Vendor-sun.net, Sunnet
Product-ehrd_ctms, eHRD CTMS
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10440
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.74%
7 Day CHG+0.12%
Published-28 Oct, 2024 | 02:53
Updated-31 Oct, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD CTMS - SQL Injection

The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Action-Not Available
Vendor-sun.net, Sunnet, sunnet
Product-ehdr_ctms, eHRD CTMS, ehrd_ctms
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-10439
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.31%
7 Day CHG+0.01%
Published-28 Oct, 2024 | 02:49
Updated-31 Oct, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD CTMS - Insecure Direct Object Reference

The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.

Action-Not Available
Vendor-sun.net, Sunnet, sunnet
Product-ehdr_ctms, eHRD CTMS, ehrd_ctms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-10438
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.11%
7 Day CHG+0.11%
Published-28 Oct, 2024 | 02:46
Updated-31 Oct, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD CTMS - Authentication Bypass

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

Action-Not Available
Vendor-sun.net, Sunnet, sunnet
Product-ehdr_ctms, eHRD CTMS, ehrd_ctms
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2021-43360
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.71%
7 Day CHG~0.00%
Published-01 Dec, 2021 | 02:00
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Insecure Deserialization

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-43359
Assigner-TWCERT/CC
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.40%
7 Day CHG~0.00%
Published-01 Dec, 2021 | 02:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Broken Access Control

Sunnet eHRD has a broken access control vulnerability, which allows a remote attacker to access the account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-43358
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.65%
7 Day CHG~0.00%
Published-01 Dec, 2021 | 02:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Path Traversal

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10510
Assigner-TWCERT/CC
CVSS Score-8.1||HIGH
EPSS-0.22% / 44.41%
7 Day CHG~0.00%
Published-27 Mar, 2020 | 07:35
Updated-16 Sep, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Broken Access Control

Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-10509
Assigner-TWCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.17%
7 Day CHG~0.00%
Published-27 Mar, 2020 | 07:35
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Cross-Site Scripting

Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch XSS attacks.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10508
Assigner-TWCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.10%
7 Day CHG~0.00%
Published-27 Mar, 2020 | 07:35
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Sensitive Data Exposure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.

Action-Not Available
Vendor-Sunnet, Sun Microsystems (Oracle Corporation)
Product-ehrd, eHRD