Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Harris Computer Ormed Self Service 信息泄露漏洞
Vulnerability Description
Harris Computer Ormed Self Service是美国Harris Computer公司的一套自助服务软件。 Harris Computer Ormed Self Service 2019.1.4之前版本中存在信息泄露漏洞。攻击者可通过向ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI发送任意的‘empNo’参数值利用该漏洞查看其他用户的W-2税单(包括:员工的纳税信息,社保号及家庭地址等)。
CVSS Information
N/A
Vulnerability Type
N/A