Vulnerabilities > Aenrich
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-27 | CVE-2023-20852 | Deserialization of Untrusted Data vulnerability in Aenrich A+Hrd 6.8.1039V844 aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. | 9.8 |
| 2023-04-27 | CVE-2023-20853 | Deserialization of Untrusted Data vulnerability in Aenrich A+Hrd 6.8.1039V844 aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. | 9.8 |
| 2023-01-03 | CVE-2022-39039 | Server-Side Request Forgery (SSRF) vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich’s a+HRD has inadequate filtering for specific URL parameter. | 9.8 |
| 2023-01-03 | CVE-2022-39040 | Path Traversal vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD log read function has a path traversal vulnerability. | 7.5 |
| 2023-01-03 | CVE-2022-39041 | SQL Injection vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD has insufficient user input validation for specific API parameter. | 9.8 |
| 2023-01-03 | CVE-2022-39042 | Improper Authentication vulnerability in Aenrich A+Hrd 6.8/7.0 aEnrich a+HRD has improper validation for login function. | 9.8 |
| 2022-09-09 | CVE-2022-28741 | Path Traversal vulnerability in Aenrich A+Hrd aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x | 8.1 |
| 2022-04-07 | CVE-2022-26675 | Path Traversal vulnerability in Aenrich A+Hrd 6.8 aEnrich a+HRD has inadequate filtering for special characters in URLs. | 5.0 |
| 2022-04-07 | CVE-2022-26676 | Incorrect Authorization vulnerability in Aenrich A+Hrd 6.8 aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | 7.5 |