CVE-2021-22860 CRITICAL

CVE-2021-22860: EIC e-document system - Broken Authentication

Vendor: Excellent Infotek Corporation
Product: e-document system
Published: March 17, 2021
Last update: September 16, 2024

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The EIC e-document system does not perform complete identity verification for sorting and filtering personnel data. The vulnerability allows a remote attacker to obtain users' credential information without logging in to the system, and further acquire privileged permissions and execute arbitrary commands.

Key dates

02 Disclosure timeline

March 17, 2021: CVE published
September 16, 2024: Record updated