Vulnerabilities (CVE)

Filtered by vendor Icehrm
Filtered by product Icehrm
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2020-6114 | 1 Icehrm | 1 Icehrm | 2022-05-12 | 6.5 MEDIUM | 7.2 HIGH
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2021-34244 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 6.8 MEDIUM | 8.8 HIGH
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
CVE-2018-12420 | 1 Icehrm | 1 Icehrm | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.