CNNVD-202511-1513 Information

CNNVD ID

CNNVD-202511-1513

Related CVE

CVE-2025-12870

• CNNVD Published: 2025-11-12

Description (Chinese)

aEnrich a+HRD是中国育碁（aEnrich）公司的一个全方位人力资源开发化解决方案。 aEnrich a+HRD存在安全漏洞，该漏洞源于身份验证滥用，可能允许未经身份验证的远程攻击者发送特制数据包获取管理员访问令牌并使用它们以提升的权限访问系统。

Description (English)

aEnrich a+HRD is a holistic human resource development solution for aEnrich Corporation in China. AEnrich a+HRD has a security loophole, which stems from the misuse of identification, and may allow remote assailants without identification to send specially designed data packages to access the tokens and to use them for enhanced access to the system.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

育碁

Published

2025-11-12

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10487-12a32-2.html https://www.twcert.org.tw/tw/cp-132-10486-a3459-1.html https://www.chtsecurity.com/news/b97e8337-6b0c-43e8-8e8c-187b7c0e13c2

Patch

https://www.aenrich.com.tw/products/mps.html