SYNEL - eharmonynew / Synel Reports version 8.0.2 had a vulnerability allowing attackers to log in with default credentials, exposing sensitive data. The issue has been addressed in version 11.
Understanding CVE-2021-36718
This CVE details a security vulnerability in SYNEL - eharmonynew / Synel Reports version 8.0.2.
What is CVE-2021-36718?
The CVE-2021-36718 vulnerability in Synel Reports of SYNEL eharmonynew allows unauthorized access with default credentials, leading to sensitive data exposure.
The Impact of CVE-2021-36718
The vulnerability could let attackers access sensitive information such as employee names, ID numbers, and working hours from the system, posing a risk to confidentiality and integrity.
Technical Details of CVE-2021-36718
This section outlines the vulnerability description, affected systems, and exploitation mechanism.
Vulnerability Description
The issue combines default credentials, security miscommunication, and sensitive data exposure in Synel Reports, enabling unauthorized system access.
Affected Systems and Versions
Affected systems include SYNEL eharmonynew, Synel Reports version 8.0.2 and prior.
Exploitation Mechanism
Attackers can exploit the vulnerability by logging into the system with default credentials to export sensitive reports.
Mitigation and Prevention
Below are steps to mitigate the CVE-2021-36718 vulnerability and prevent further exploitation.
Immediate Steps to Take
Update SYNEL eharmonynew / Synel Reports to version 11, which addresses the default credentials and sensitive data exposure issue.
Long-Term Security Practices
Enforce strict password policies, educate users about secure practices, and regularly monitor and audit system access.
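One way to act on the monitoring and auditing advice above, as an added example that is not part of the original advisory or of SYNEL's software: it scans an access log for successful logins by built-in accounts and the report exports that followed from the same source. The CSV layout, the event names, and the account name `builtin_admin` are constructed assumptions; map them to what your installation actually logs.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed audit log in a hypothetical CSV layout (not Synel's own format):
# timestamp,user,source,event,detail
SAMPLE_LOG = """\
2021-07-01T08:00:12,jdoe,10.0.0.21,LOGIN_OK,
2021-07-01T08:03:40,jdoe,10.0.0.21,REPORT_EXPORT,monthly_hours
2021-07-01T23:14:02,builtin_admin,203.0.113.50,LOGIN_FAIL,
2021-07-01T23:14:09,builtin_admin,203.0.113.50,LOGIN_OK,
2021-07-01T23:15:30,builtin_admin,203.0.113.50,REPORT_EXPORT,employee_list
2021-07-01T23:16:05,builtin_admin,203.0.113.50,REPORT_EXPORT,working_hours
2021-07-02T09:00:00,builtin_admin,10.0.0.5,LOGIN_OK,
"""

def audit_default_account_use(log_text, default_accounts, window=timedelta(minutes=30)):
    """Return one finding per successful login by a built-in account, with the
    report exports that followed from the same source within `window`."""
    findings = []
    sessions = {}  # (user, source) -> finding for the most recent login
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, user, source, event, detail = row
        if user.lower() not in default_accounts:
            continue
        when = datetime.fromisoformat(ts)
        key = (user.lower(), source)
        if event == "LOGIN_OK":
            finding = {"user": user, "source": source, "login": when, "exports": []}
            sessions[key] = finding
            findings.append(finding)
        elif event == "REPORT_EXPORT":
            finding = sessions.get(key)
            if finding and when - finding["login"] <= window:
                finding["exports"].append(detail)
            else:
                # Export with no matching login in the window is still reportable.
                findings.append({"user": user, "source": source,
                                 "login": None, "exports": [detail]})
    return findings

def severity(finding):
    """Any working built-in account is a finding; exported reports raise it."""
    return "high" if finding["exports"] else "medium"

if __name__ == "__main__":
    for f in audit_default_account_use(SAMPLE_LOG, {"builtin_admin"}):
        print(severity(f), f["user"], f["source"], f["login"], f["exports"])
```

A "medium" finding still matters here: it means a built-in account accepts logins and its password should be changed or the account disabled.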
Patching and Updates
Regularly apply security patches and updates provided by SYNEL to address known vulnerabilities and enhance system security.