Lucene search

TwcertCVELIST:CVE-2022-26676

HistoryApr 07, 2022 - 6:22 p.m.

CVE-2022-26676 aEnrich a+HRD - Broken Access Control

2022-04-0718:22:44

CWE-269

twcert

www.cve.org

cve-2022-26676

enrich a+hrd

broken access control

inadequate privilege restrictions

unauthenticated remote attacker

api function

malicious scripts

system control

service disruption

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.

CNA Affected

[
  {
    "product": "a+HRD",
    "vendor": "aEnrich",
    "versions": [
      {
        "status": "affected",
        "version": "6.8"
      }
    ]
  }
]

References

www.twcert.org.tw/tw/cp-132-5970-2f405-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

Related for CVELIST:CVE-2022-26676