go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

aEnrich a+HRD - Improper Authentication

TVN ID TVN-202210022
CVE ID CVE-2022-39042
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products aEnrich a+HRD v6.8 & v7.0
Description aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function.
Solution Contact tech support from aEnrich
Credit Cyku Hong (DEVCORE)
Public Date 2022-12-14
Top