PT-2021-21322 · Synel · Synel Reports, Synel Eharmonynew

Published: 2021-12-08 · Updated: 2023-08-08 · CVE-2021-36718

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SYNEL eharmonynew versions prior to 11
Synel Reports versions prior to 11
Synel Reports version 8.0.2

Description

The issue allows an attacker to log in to the system with default credentials and export a report of the eharmony system with sensitive data, including employee name, employee ID number, and working hours. This is due to default credentials and security miscommunication, leading to a sensitive data exposure vulnerability in Synel Reports.

Recommendations

For SYNEL eharmonynew versions prior to 11, update to version 11 or later to address the issue.
For Synel Reports versions prior to 11, update to version 11 or later to address the issue.
For Synel Reports version 8.0.2, update to version 11 or later to address the issue.
As a temporary workaround, consider changing the default credentials to prevent unauthorized access until a patch is applied.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-36718

Affected Products

Synel Eharmonynew
Synel Reports