Known Vulnerabilities for products from Unit4

Listed below are 7 of the newest known vulnerabilities associated with the vendor "Unit4".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-36234 Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified ... 5.5 - MEDIUM 2021-08-31 2021-09-08
CVE-2021-36233 The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to ... 6.5 - MEDIUM 2021-08-31 2021-09-08
CVE-2021-36232 Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privil... 8.8 - HIGH 2021-08-31 2022-05-03
CVE-2021-36231 Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to... 8.8 - HIGH 2021-08-31 2021-09-08
CVE-2015-2082 Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 Prosoft HRMS before 8.14.330.43 allows remote attackers to in... 4.3 - MEDIUM 2015-02-25 2018-10-09
CVE-2015-1174 Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attacke... 9.8 - CRITICAL 2017-08-02 2017-08-07
CVE-2015-1173 Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) De... 7.5 - HIGH 2015-09-16 2015-09-17

Known software with vulnerabilities from Unit4

Type Vendor Product Version
ApplicationUnit4Prosoft Hrms8.14.230.47