CVE-2023-20852

EPSS 0.48%
Veröffentlicht 27.04.2023 02:15:09
Zuletzt bearbeitet 21.11.2024 07:41:41
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aenrich ≫ A+hrd Version6.8.1039v844

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.643

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20852

EUVD