CVE-2024-10438

The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities.

More information : https://www.twcert.org.tw/en/cp-139-8165-7da2f-2.html

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : HIGH
Base score : 7.5
Base severity : HIGH
Exploitability score : 3.9
Impact score : 3.6