Unrated severityNVD Advisory· Published Mar 25, 2020· Updated Aug 5, 2024

CVE-2019-18626

Description

Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Harris/Ormed Self Servicedescription
Harris/Ormed Self Servicellm-create
Range: <2019.1.4

Patches

Vulnerability mechanics

References

github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2019-0011/FEYE-2019-0011.mdmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000