aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values.
History

Mon, 14 Oct 2024 07:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Mon, 14 Oct 2024 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Aenrich
Aenrich a\+hrd
CPEs cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*
Vendors & Products Aenrich
Aenrich a\+hrd
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
CWE-497

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-04-15T02:14:39.724Z

Updated: 2024-10-18T15:44:24.362Z

Reserved: 2024-04-15T01:56:13.197Z

Link: CVE-2024-3774

cve-icon Vulnrichment

Updated: 2024-08-01T20:20:01.828Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-15T03:16:08.197

Modified: 2024-11-21T09:30:22.263

Link: CVE-2024-3774

cve-icon Redhat

No data.