aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-7724-c28d3-1.html |
History
Mon, 14 Oct 2024 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-200 |
Mon, 14 Oct 2024 07:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Aenrich
Aenrich a\+hrd |
|
CPEs | cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:* | |
Vendors & Products |
Aenrich
Aenrich a\+hrd |
|
Metrics |
ssvc
|
Mon, 14 Oct 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-306 CWE-497 |
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-04-15T02:14:39.724Z
Updated: 2024-10-18T15:44:24.362Z
Reserved: 2024-04-15T01:56:13.197Z
Link: CVE-2024-3774
Vulnrichment
Updated: 2024-08-01T20:20:01.828Z
NVD
Status : Awaiting Analysis
Published: 2024-04-15T03:16:08.197
Modified: 2024-11-21T09:30:22.263
Link: CVE-2024-3774
Redhat
No data.