What is CVE-2022-39042?

CVE-2022-39042 is a critical-severity vulnerability in Aenrich A+hrd, classified under Improper Authentication. CVSS score: 9.8/10. Published 2023-01-03.

How severe is CVE-2022-39042?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Aenrich A+hrd

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service.

Vulnerability class: Broken Authentication

EPSS: 0.054 (90.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Aenrich A+hrd — versions 6.8

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

www.twcert.org.tw/tw/cp-132-6795-f7fe6-1.html

Frequently asked questions

What is CVE-2022-39042?: CVE-2022-39042 is a critical-severity vulnerability in Aenrich A+hrd, classified under Improper Authentication. CVSS score: 9.8/10. Published 2023-01-03.
How severe is CVE-2022-39042?: Critical severity. CVSS v3 base score is 9.8 out of 10.