CVE-2022-39039

aEnrich’s a+HRD has inadequate filtering for a specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(S) requests to launch a Server-Side Request Forgery (SSRF) attack, execute arbitrary system commands, or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1

OR cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:17

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html - Third Party Advisory, VDB Entry () https://www.twcert.org.tw/tw/cp-132-6792-c4a62-1.html - Third Party Advisory, VDB Entry
Summary
  • (es) aEnrich's a+HRD has inadequate filtering for specific URL parameters. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP requests to launch a Server-Side Request Forgery (SSRF) attack, execute arbitrary system commands, or disrupt service.

Information

Published : 2023-01-03 03:15

Updated : 2024-11-21 07:17


NVD link : CVE-2022-39039

Mitre link : CVE-2022-39039

CVE.ORG link : CVE-2022-39039


Products Affected

aenrich

  • a\+hrd
CWE
CWE-918

Server-Side Request Forgery (SSRF)