cbcvebase.

Aenrich A+Hrd vulnerabilities

14 known vulnerabilities affecting aenrich/a+hrd.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2025-12871P2CRITICALCVSS 9.8≤ 7.52025-11-12
CVE-2025-12871 [CRITICAL] CWE-1390 CVE-2025-12871: The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated r The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.
nvd
CVE-2025-12870P2CRITICALCVSS 9.8≤ 7.52025-11-12
CVE-2025-12870 [CRITICAL] CWE-1390 CVE-2025-12870: The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated r The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
nvd
CVE-2022-39042P2CRITICALCVSS 9.8≥ 6.8, ≤ 7.02023-01-03
CVE-2022-39042 [CRITICAL] CWE-287 CVE-2022-39042: aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exp aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.
nvd
CVE-2023-20853P2CRITICALCVSS 9.8v6.8.1039V8442023-04-27
CVE-2023-20853 [CRITICAL] CWE-502 CVE-2023-20853: aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ as aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
nvd
CVE-2022-39041P2CRITICALCVSS 9.8≥ 6.8, ≤ 7.02023-01-03
CVE-2022-39041 [CRITICAL] CWE-89 CVE-2022-39041: aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database.
nvd
CVE-2023-20852P2CRITICALCVSS 9.8v6.8.1039V8442023-04-27
CVE-2023-20852 [CRITICAL] CWE-502 CVE-2023-20852: aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ in aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
nvd
CVE-2022-26676P2CRITICALCVSS 9.8v6.82022-04-07
CVE-2022-26676 [CRITICAL] CWE-269 CVE-2022-26676: aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.
nvd
CVE-2022-39039P2CRITICALCVSS 9.8≥ 6.8, ≤ 7.02023-01-03
CVE-2022-39039 [CRITICAL] CWE-918 CVE-2022-39039: aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attac aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.
nvd
CVE-2022-26675P3HIGHCVSS 7.5v6.82022-04-07
CVE-2022-26675 [HIGH] CWE-22 CVE-2022-26675: aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote att aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.
nvd
CVE-2022-39040P3HIGHCVSS 7.5≥ 6.8, ≤ 7.02023-01-03
CVE-2022-39040 [HIGH] CWE-22 CVE-2022-39040: aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attack aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
nvd
CVE-2026-6833P3MEDIUMCVSS 6.5≤ 7.12026-04-22
CVE-2026-6833 [MEDIUM] CWE-89 CVE-2026-6833: The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2026-6834P3MEDIUMCVSS 6.5≤ 7.12026-04-22
CVE-2026-6834 [MEDIUM] CWE-862 CVE-2026-6834: The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
nvd
CVE-2025-12872P4MEDIUMCVSS 5.4≤ 7.52025-11-12
CVE-2025-12872 [MEDIUM] CWE-79 CVE-2025-12872: The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing a The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL.
nvd
CVE-2025-12869P4MEDIUMCVSS 4.8≤ 7.52025-11-12
CVE-2025-12869 [MEDIUM] CWE-79 CVE-2025-12869: The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote atta The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.
nvd
Aenrich A+Hrd vulnerabilities | cvebase