Developers: WebSoft (WebSoft Development)
Technology: HRM, Corporate Portals, Distance Learning Systems
The Websoft HCM platform (based on the WebTutor product) makes it possible not only to automate individual processes but also to build an analytics and decision-support system for personnel policy.
2024: Five Vulnerabilities Discovered
During red team testing for one of its customers, the BI.ZONE web application security analysis team found five vulnerabilities in version 2019.2.3 of the Websoft HCM platform (formerly WebTutor). BI.ZONE announced this on February 5, 2024. The system is designed to create corporate HR portals and automate business processes related to human resources management.
The BI.ZONE team promptly contacted the system developer, WebSoft. As a result of the teams' cooperation, the developers released an update that fixed the zero-day vulnerability. The remaining four vulnerabilities were fixed earlier and were not exploited in the current software version. BI.ZONE applied to FSTEC of Russia to register all the vulnerabilities in the Databank of threats to security of information: BDU:2024-00878, BDU:2023-08666, BDU:2024-00755, BDU:2024-00756, BDU:2024-00757.
BI.ZONE ensured the security of its customers: the BI.ZONE CPT team finalized scanner settings to monitor for the vulnerabilities in the company's infrastructure, and the BI.ZONE WAF team created rules to protect against their exploitation. The BI.ZONE TDR service will also help detect the discovered vulnerabilities.
BDU:2024-00878 - 9.9 out of 10 on CVSS
A critical zero-day vulnerability that allows authenticated users to execute arbitrary commands on the system. An attacker who has access to a user account can therefore gain full access to the server. This gives access to confidential data and employee information and makes it possible to develop the attack further into the internal network. The vulnerability is relevant for versions up to 2023.1.827.
BDU:2024-00755 - 9.9 out of 10 on CVSS
The vulnerability is similar to the previous one in terms of the damage inflicted on organizations. It allows an attacker to inject arbitrary code that will be executed by the web application. Unlike BDU:2024-00878, however, this vulnerability affects only older versions of the product, up to 2022.1.3.451 (Websoft HCM).
BDU:2023-08666 - 7.5 out of 10 on CVSS
The vulnerability allows attackers to create a new user account even if they do not have sufficient privileges. By combining BDU:2023-08666 with BDU:2024-00755 or BDU:2024-00878, attackers can hijack the victim's server without having an account on the system. The vulnerability is relevant for all versions up to 2020.4.3 (266) REL (Websoft HCM).
BDU:2024-00756 - 7.5 out of 10 on CVSS
The vulnerability could be exploited to read files that are stored in the file system of the web server. It occurs when the application uses untrusted user data as the path to the requested file without performing the necessary checks. The vulnerability affects product versions up to 2022.1.3.451 (Websoft HCM).
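The missing check described for BDU:2024-00756, shown as an added illustration that is not WebSoft's code or part of the BI.ZONE report: a file reader that trusts the requested path, next to one that resolves the path and refuses anything outside its document root. The function names, directory layout and file contents are constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def read_unchecked(base_dir: str, requested: str) -> bytes:
    """Vulnerable pattern: the request value is joined to the root and opened."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def resolve_inside(base_dir: str, requested: str) -> Path:
    """Return the canonical path for `requested`; raise if it leaves base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (base / requested).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise PermissionError(f"path escapes document root: {requested!r}")
    return candidate


def read_checked(base_dir: str, requested: str) -> bytes:
    return resolve_inside(base_dir, requested).read_bytes()


def demo() -> dict:
    """Compare both readers on a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "docs"
        root.mkdir()
        (root / "policy.txt").write_bytes(b"public")
        secret = Path(tmp) / "secret.cfg"          # lives outside the root
        secret.write_bytes(b"constructed-secret")
        os.symlink(secret, root / "link.txt")      # symlink pointing outside
        results["unchecked"] = read_unchecked(str(root), "../secret.cfg")
        results["legit"] = read_checked(str(root), "policy.txt")
        cases = {"dotdot": "../secret.cfg", "absolute": str(secret), "symlink": "link.txt"}
        for label, name in cases.items():
            try:
                read_checked(str(root), name)
                results[label] = "served"
            except PermissionError:
                results[label] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check is made on the resolved path, so relative segments, absolute paths and symlinks that point outside the root are all rejected by the same comparison.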
BDU:2024-00757 - 5.4 out of 10 on CVSS
The vulnerability could be exploited to execute arbitrary malicious code in the context of a victim's browser. To carry out the attack, the victim must be induced to follow a specially crafted link. As a result, the attacker is able to change the contents of displayed web pages, intercept user sessions, and execute requests on the victim's behalf. The vulnerability affects versions up to 2022.1.3.451 (Websoft HCM).
Vulnerabilities BDU:2023-08666, BDU:2024-00756 and BDU:2024-00757 can be exploited by an external attacker without an account in the system. For organizations that use Websoft HCM inside the internal perimeter, the most dangerous vulnerabilities remain BDU:2024-00755 and BDU:2024-00878, which can be exploited on behalf of a system user.
2022: HR Services and Technologies Websoft HCM
HR services
HR services in Websoft HCM offer clear actions, a clear visual presentation and optimal service for employees:
- Personnel electronic document management
- Work schedule management
- Holiday management
- Benefits Cafeteria
- HR helpdesk
Technologies
Websoft HCM can be deployed on customer servers, as well as in the cloud (SaaS).
As of June 2022, Websoft HCM has been implemented in various companies, including companies with more than 100,000 employees. WebSoft supports technologies that make it possible to service implementations with dozens of automated processes and tens of thousands of active users.
Integration Solutions and APIs: With built-in tools, Websoft HCM enables you to configure integration with your IT infrastructure and business systems.
WebSoft provides platform users with a range of low-code/no-code development tools.
Websoft HCM is a platform open to developers. If customization is carried out in accordance with the rules, any process and interface in the system can be configured or modified while the system remains a "boxed" product.
The capabilities of the system are available to users of mobile devices.
WebSoft provides customers with standard (HelpDesk) and advanced (ServiceDesk) technical support. When the company's employees are unavailable (out of hours), a chatbot that never sleeps comes to the rescue.
Ready-Made Solutions
Over the years of work on the platform, WebSoft has accumulated extensive experience in automating typical HR processes. Based on that experience, the company created tools that allow processes to be translated into digital format at minimal cost to the customer.
The company offers customers a methodology of typical implementations and a library of ready-made solutions.
2021: Human Capital Management (HCM) - what is it and how does it differ from other HR systems?
Personnel management includes many different processes: personnel accounting and payroll, training, evaluation, career planning, and self-service services and processes for employees. HR systems can be divided into several classes depending on the functionality they offer.
2016: WebTutor System Description
As of July 2016, WebTutor is a system for comprehensive automation of business processes related to the selection, assessment, testing and training of personnel, the systematization and storage of knowledge, and management and interaction between employees and the HR department. It can be used both on the corporate intranet and on the Internet using the SaaS model.
An Automated Talent Management System (TMS) is an information system that accompanies all processes of working with an employee, starting with selection and adaptation and continuing through training, assessment and development, in order to build the employee's career in the company optimally.
The technology is based on the creation of a corporate training portal or HR portal, with the help of which each employee of the company can access system services and information resources. The WebTutor system is distinguished by a modular approach that allows you to create customizable systems based on a set of software modules, the functionality of which depends on the tasks facing the customer. As a result of the implementation of the system, the customer receives a portal that can be accessed both on the Internet and on the corporate network. Based on the WebTutor portal, a distance learning and testing system or a full-fledged HR portal can be built that automates all corporate training and talent management processes.
WebTutor is a Russian Talent Management/Human Capital Management class system, and the functionality for automating HR processes is integrated with the LMS (Learning Management System) functionality.
The portal provides users (employees of the company, its partners or customers) with services that allow solving a range of problems:
- Personnel selection automation
- Creation of the company's career site
- Development of adaptation programs for new employees
- Distance learning through e-learning courses and webinars
- Employee testing
- Automation of face-to-face learning processes
- Informing employees about all forms of corporate training, giving them access to the calendar of training events, collecting training requests and feedback, conducting surveys, communicating on forums
- Building the company's electronic library and knowledge base
- Informing employees about the company's HR policy (news, articles, documents)
- Personnel assessment and performance management (competency assessment, goal setting and evaluation, KPI assessment and other types of evaluation procedures)
- Formation of a talent pool, formation of development programs, succession planning, talent search
- Building a corporate social network
The system is sold or offered for rent on various terms depending on the customer's needs. It can be hosted either on client servers or in the Microsoft Azure cloud platform.
The system can be integrated with the main elements of the customer's IT infrastructure: the personnel accounting system, ERP system, user accounting systems, corporate mail system, etc. Integration makes the implementation and operation of the system as efficient as possible.