CVE-2022-39039 in a+HRDinformazioni

Riassunto

di MITRE • 03/01/2023

aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

TWCERT/CC

Prenotare

30/08/2022

Divulgazione

03/01/2023

Moderazione

accettato

CPE

pronto

EPSS

0.01022

KEV

no

Attività

molto basso

Fonti

Do you want to use VulDB in your project?

Use the official API to access entries easily!