CRITICAL🇵🇱 Wersja polska

CVE-2023-20852

CVSS 9.8v3.1pub. 2023-04-27upd. 2024-11-21

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Aenrich A\+hrd

    APP
    Aenrich
    6.8.1039v844
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2025-12870CRITICAL9.3PL ✓ten sam produkt

Authentication Abuse w aEnrich a+HRD — przejęcie tokenu administratora

CVE-2025-12871CRITICAL9.3PL ✓ten sam produkt

Aenrich A+HRD – obejście uwierzytelnienia przez fałszywe tokeny administratora

CVE-2025-0585CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Aenrich A+HRD — nieuwierzytelniony zdalny dostęp do bazy danych

CVE-2023-20853CRITICAL9.8ten sam produkt

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronize...

CVE-2022-39041CRITICAL9.8ten sam produkt

aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote att...