aenrich 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk sql injection、vendor risk cross-site scripting, and vendor risk ssrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-12871 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. | [email protected] | 9.3 | 0.27% | 2025-11-12 | 2025-11-18 |
| CVE-2025-12870 | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges. | [email protected] | 9.3 | 0.17% | 2025-11-12 | 2025-11-18 |
| CVE-2025-12869 | The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load. | [email protected] | 4.8 | 0.03% | 2025-11-12 | 2025-11-18 |
| CVE-2025-0586 | The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution. | [email protected] | 7.2 | 1.75% | 2025-01-20 | 2025-11-17 |
| CVE-2025-0585 | The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | [email protected] | 9.8 | 0.25% | 2025-01-20 | 2025-11-17 |
| CVE-2025-0584 | The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network. | [email protected] | 5.3 | 0.03% | 2025-01-20 | 2025-11-17 |
| CVE-2025-0583 | The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | [email protected] | 6.1 | 0.03% | 2025-01-20 | 2025-11-17 |
| CVE-2024-3775 | aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files. | [email protected] | 5.3 | 0.09% | 2024-04-15 | 2025-04-08 |
| CVE-2024-3774 | aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values. | [email protected] | 5.3 | 0.10% | 2024-04-15 | 2025-11-17 |
| CVE-2023-20853 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | [email protected] | 9.8 | 1.00% | 2023-04-27 | 2024-11-21 |
| CVE-2023-20852 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | [email protected] | 9.8 | 1.00% | 2023-04-27 | 2024-11-21 |
| CVE-2022-39042 | aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service. | [email protected] | 9.8 | 5.37% | 2023-01-03 | 2024-11-21 |
| CVE-2022-39041 | aEnrich a+HRD has insufficient user input validation for specific API parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database. | [email protected] | 9.8 | 0.99% | 2023-01-03 | 2024-11-21 |
| CVE-2022-39040 | aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | [email protected] | 7.5 | 3.07% | 2023-01-03 | 2024-11-21 |
| CVE-2022-39039 | aEnrich’s a+HRD has inadequate filtering for specific URL parameter. An unauthenticated remote attacker can exploit this vulnerability to send arbitrary HTTP(s) request to launch Server-Side Request Forgery (SSRF) attack, to perform arbitrary system command or disrupt service. | [email protected] | 9.8 | 1.47% | 2023-01-03 | 2024-11-21 |
| CVE-2022-28742 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application | [email protected] | 7.5 | 0.37% | 2022-09-09 | 2024-11-21 |
| CVE-2022-28741 | aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x | [email protected] | 8.1 | 0.58% | 2022-09-09 | 2024-11-21 |
| CVE-2022-28740 | aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor. | [email protected] | 7.5 | 0.32% | 2022-09-09 | 2024-11-21 |
| CVE-2022-26676 | aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | [email protected] | 9.8 | 0.80% | 2022-04-07 | 2024-11-21 |
| CVE-2022-26675 | aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | [email protected] | 7.5 | 0.26% | 2022-04-07 | 2024-11-21 |