PT-2022-19203 · Unknown · Aenrich Ehrd Learning Management Key Performance Indicator System
Sameer S. Mohite · Published 2022-09-09 · Updated 2022-09-14 · CVE-2022-28742
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
aEnrich eHRD Learning Management Key Performance Indicator System version 5+
Description
The web application has improper access control: it fails to validate user sessions when various application pages are accessed. An attacker can therefore gain unauthenticated access to sensitive functionality within the application.
Recommendations
For version 5+, ensure that user session validation is properly implemented for all application pages to prevent unauthorized access. As a temporary workaround, consider restricting access to sensitive functionalities until a proper fix is applied.
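One way to apply session validation to every page is a single deny-by-default gate in front of the application, so that a page added later cannot be left without a check. The sketch below is an added illustration, not code from the vendor or from this advisory. The product's stack is not stated on the page, so Python WSGI is an assumption, and the cookie name, paths and session store are hypothetical, constructed values.

```python
# Added illustration: deny-by-default session gate (WSGI). All names are hypothetical.
from http.cookies import SimpleCookie
from wsgiref.util import setup_testing_defaults

PUBLIC_PATHS = {"/login", "/static/site.css"}  # assumed: the only pages served without a session
SESSIONS = {"s3ss10n-constructed": "alice"}    # constructed server-side session store


class SessionGate:
    """Validate the session once, in front of every page, instead of per page."""

    def __init__(self, app, sessions, public_paths, cookie_name="sid"):
        self.app, self.sessions = app, sessions
        self.public_paths, self.cookie_name = public_paths, cookie_name

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if path not in self.public_paths:      # exact match only, no prefix matching
            cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
            morsel = cookie.get(self.cookie_name)
            user = self.sessions.get(morsel.value) if morsel else None
            if user is None:                   # missing or unknown session id
                start_response("401 Unauthorized", [("Content-Type", "text/plain")])
                return [b"session required\n"]
            environ["app.user"] = user         # pages read the identity from here only
        return self.app(environ, start_response)


def pages(environ, start_response):
    """Stand-in application: the page handlers carry no checks of their own."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("page %s\n" % environ["PATH_INFO"]).encode()]


def status_for(path, cookie=None):
    """Drive the gated app in-process and return the HTTP status line."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = []
    gated = SessionGate(pages, SESSIONS, PUBLIC_PATHS)
    b"".join(gated(environ, lambda status, headers: seen.append(status)))
    return seen[0]
```

Running `status_for` over the application's full page list with no cookie gives a quick coverage check: any page outside the public list that returns 200 is missing session validation.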
Fix
Related Identifiers
Affected Products
Aenrich Ehrd Learning Management Key Performance Indicator System