CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html Third Party Advisory VDB Entry
https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aenrich:a\+hrd:6.8:*:*:*:*:*:*:*
cpe:2.3:a:aenrich:a\+hrd:7.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:17

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html - Third Party Advisory, VDB Entry () https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html - Third Party Advisory, VDB Entry
Summary
  • (es) aEnrich a+HRD tiene una validación incorrecta para la función de inicio de sesión. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para evitar la autenticación y acceder a la función API para ejecutar comandos arbitrarios del sistema o interrumpir el servicio.

Information

Published : 2023-01-03 03:15

Updated : 2024-11-21 07:17


NVD link : CVE-2022-39042

Mitre link : CVE-2022-39042

CVE.ORG link : CVE-2022-39042


JSON object : View

Products Affected

aenrich

  • a\+hrd
CWE
CWE-287

Improper Authentication