aEnrich a+HRD is enterprise HR software used by some organizations for employee management. This vulnerability lets attackers forge admin tokens without any credentials, gaining full administrative access to your HR system remotely.
aEnrich a+HRD is enterprise HR software used by some organizations for employee management. This vulnerability lets attackers forge admin tokens without any credentials, gaining full administrative access to your HR system remotely.
You're affected if you use aEnrich a+HRD. Version info: Not specified in the advisory. If you don't recognise the name, you're almost certainly not affected. Check with your HR or IT department if your organisation uses aEnrich products. To verify, run find / -name "aenrich*.jar" 2>/dev/null.
Contact aEnrich directly for a patched version - there's no public patch link in the advisory.
Immediate mitigations:
- Restrict network access to your a+HRD instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation