9.8

CVE-2023-20852

EPSS 0.99%
Veröffentlicht 27.04.2023 02:15:09
Zuletzt bearbeitet 21.11.2024 07:41:41
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

aEnrich a+HRD - Deserialization of Untrusted Data

aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Aenrich ≫ A+hrd Version6.8.1039v844

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.99%	0.578

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20852

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20852

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20852

EUVD