{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:45:37.855","vulnerabilities":[{"cve":{"id":"CVE-2023-34357","sourceIdentifier":"twcert@cert.org.tw","published":"2023-09-07T03:15:08.263","lastModified":"2024-11-21T08:07:05.380","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nSoar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The reset password link sent out through e-mail, and the link will remain valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history or has the line can thus use the URL again to change the password in order to take over the account.\n\n\n\n"},{"lang":"es","value":"Soar Cloud Ltd. HR Portal dispone de un mecanismo de recuperación de contraseñas débil para contraseñas olvidadas. El enlace de restablecimiento de contraseña se envía a través del correo electrónico, y el enlace seguirá siendo válido después de que la contraseña haya sido restablecida y después de la fecha de caducidad prevista. Un atacante con acceso al historial del navegador o al enlace puede así utilizar la URL de nuevo para cambiar la contraseña con el fin de hacerse cargo de la cuenta. "}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:scshr:hr_portal:7.3.2023.0510:*:*:*:*:*:*:*","matchCriteriaId":"7B4925F6-A93D-405C-A152-3E6753255964"},{"vulnerable":true,"criteria":"cpe:2.3:a:scshr:hr_portal:7.3.2023.0705:*:*:*:*:*:*:*","matchCriteriaId":"398FFD5F-CF3E-4159-A46D-F8D706A25F79"}]}]}],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-7347-2653e-1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}