CVE-2022-28740 : aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sen

aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.

Published 2022-09-09 16:15:09

Updated 2022-09-14 18:33:05

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2022-28740

Aenrich » A+hrd
Versions from including (>=) 5.0 and before (<) 5.4.1125v112
cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*
Matching versions
Aenrich » A+hrd
Versions from including (>=) 5.6 and before (<) 5.6.1067v110
cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*
Matching versions
Aenrich » A+hrd
Versions from including (>=) 5.5 and before (<) 5.5.1098v156
cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*
Matching versions
Aenrich » A+hrd
Versions from including (>=) 6.0 and before (<) 7.0
cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.21%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

https://www.aenrich.com.tw

aEnrich育碁a+HRD: LMS/eHRD應用成效第一．成就企業卓越人才
Vendor Advisory

CVEs referencing this url
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0034/MNDT-2022-0034.md

Vulnerability-Disclosures/MNDT-2022-0034.md at master · mandiant/Vulnerability-Disclosures · GitHub
Third Party Advisory

Jump to