Improper Validation in aEnrich a+HRD Login Function Allows Unauthenticated Remote Attackers to Bypass Authentication and Execute Arbitrary Commands

CVE-2022-39042 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

aEnrich a+HRD has improper validation in its login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API functions to execute arbitrary system commands or disrupt service.
