CVE-2021-43360 HIGH

CVE-2021-43360: Sunnet eHRD - Insecure Deserialization

Vendor Sunnet
Product eHRD
Weakness CWE-502 · Unsafe deserialization
Published December 1, 2021
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

Key dates

02Disclosure timeline

December 1, 2021 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-28988 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability CVE-2026-12787 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserialization CVE-2024-4044 Deserialization of Untrusted Data Vulnerability in FlexLogger and InstrumentStudio CVE-2025-39503 WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability