The COVID Tracking System is a web-based application used to track and manage COVID-19 data. The vulnerability discovered in version 1.0 allows an attacker to inject malicious SQL code into the system, potentially leading to unauthorized access to sensitive data.
You're affected if you use A security vulnerability. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Contact aEnrich directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict network access to your a+HRD instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation