{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T15:13:10.394","vulnerabilities":[{"cve":{"id":"CVE-2021-22860","sourceIdentifier":"twcert@cert.org.tw","published":"2021-03-17T09:15:12.670","lastModified":"2024-11-21T05:50:46.997","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends."},{"lang":"es","value":"El sistema de e-document de EIC, no lleva a cabo una comprobación de identidad completa para clasificar y filtrar los datos del personal.&#xa0;La vulnerabilidad permite a un atacante remoto obtener la información de las credenciales de los usuarios sin iniciar sesión en el sistema, y ??además adquirir los permisos privilegiados y ejecutar recomendaciones arbitrarias"}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eic:e-document_system:2.9:*:*:*:*:*:*:*","matchCriteriaId":"CF2502A7-E3EE-4332-BE44-8D96B74661C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:eic:e-document_system:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"36D6184C-8C14-4FC0-8995-8E23CA91A53A"}]}]}],"references":[{"url":"https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://gist.github.com/tonykuo76/17d497b3472a80a5e8914227e81e6fa3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.chtsecurity.com/news/12929036-924b-4b89-8a0e-3e7155e19011","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-4518-c813c-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}