Sameer S. Mohite

**Name of the Vulnerable Software and Affected Versions** aEnrich eHRD Learning Management Key Performance Indicator System version 5+ **Description** The issue concerns the exposure of sensitive information to unauthorized actors. **Recommendations** For version 5+, consider restricting access to sensitive information until a patch or fix is available. As a temporary workaround, review and adjust the system's access controls to minimize the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x **Description** The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. **Recommendations** For version 5.x, update to a version that includes input validation to prevent local file inclusion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aEnrich eHRD Learning Management Key Performance Indicator System version 5+ **Description** The issue concerns improper access control in the web application, where it fails to validate user sessions when accessing various application pages. This oversight can allow an attacker to gain unauthenticated access to sensitive functionalities within the application. **Recommendations** For version 5+, ensure that user session validation is properly implemented for all application pages to prevent unauthorized access. As a temporary workaround, consider restricting access to sensitive functionalities until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** AIMANAGER version 2.1.0 before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices **Description** The issue allows an attacker to gain administrative access by modifying the response to an authentication check request, due to improper authentication. **Recommendations** For AIMANAGER version 2.1.0 before B115, update to a version that includes the B115 patch or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 **Description** The issue is related to OS Command Injection due to missing input validation on one of the parameters of an HTTP request. **Recommendations** For AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0, consider restricting access to the vulnerable parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.