CVE-2023-20853
Published Apr 27, 2023
Last updated 2 years ago
Overview
- Description
- aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- twcert@cert.org.tw
- CWE-502
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aenrich:a\\+hrd:6.8.1039v844:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBEB6635-4A9D-4C1A-82D3-3DC765512A6D"
}
],
"operator": "OR"
}
]
}
]