Deserialization Vulnerability in HR Portal of Soar Cloud System

Deserialization Vulnerability in HR Portal of Soar Cloud System

CVE-2021-22855 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands.

Learn more about our Cloud Audit.