aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html | Third Party Advisory VDB Entry |
https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html - Third Party Advisory, VDB Entry | |
Summary |
|
Information
Published : 2023-01-03 03:15
Updated : 2024-11-21 07:17
NVD link : CVE-2022-39042
Mitre link : CVE-2022-39042
CVE.ORG link : CVE-2022-39042
JSON object : View
Products Affected
aenrich
- a\+hrd
CWE
CWE-287
Improper Authentication