The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAenrich A\+hrd
APPAenrich≤ 7.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-12870CRITICAL9.3PL ✓ten sam produkt
Authentication Abuse w aEnrich a+HRD — przejęcie tokenu administratora
CVE-2025-0585CRITICAL9.8PL ✓ten sam produkt
SQL Injection w Aenrich A+HRD — nieuwierzytelniony zdalny dostęp do bazy danych
CVE-2023-20852CRITICAL9.8ten sam produkt
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter....
CVE-2023-20853CRITICAL9.8ten sam produkt
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronize...
CVE-2022-39041CRITICAL9.8ten sam produkt
aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote att...