Description
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
Published: 2026-04-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the a+HRD application, where an authenticated remote attacker can invoke a specific API method that lacks proper authorization checks. This allows the attacker to arbitrarily read sensitive database contents, potentially revealing personally identifiable information and business data. The weakness is classified as CWE‑862, a missing or incorrect authorization control.

Affected Systems

This issue affects the aEnrich a+HRD system. No specific version range is provided, so all deployed instances may be vulnerable until patched.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, though the EPSS score is currently unavailable, suggesting limited public exploitation data. The vulnerability is not listed in the CISA KEV catalog. The attack requires valid user credentials and remote API access; once authenticated, the attacker can read arbitrary database entries. The missing authorization check creates a significant confidentiality risk.

Generated by OpenCVE AI on April 22, 2026 at 06:07 UTC.

Remediation

Vendor Solution

Please refer to the aEnrich advisory to upgrade to version 6.8 or later and install the latest patches, or contact aEnrich customer service for assistance.

OpenCVE Recommended Actions

  • Upgrade to version 6.8 or later as recommended by aEnrich.
  • Apply the latest patches supplied by aEnrich to the a+HRD deployment.
  • If upgrading immediately is not possible, contact aEnrich customer service for assistance.

Generated by OpenCVE AI on April 22, 2026 at 06:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 05:45:00 +0000

Type Values Removed Values Added
First Time appeared Aenrich
Aenrich a+hrd
Vendors & Products Aenrich
Aenrich a+hrd

Wed, 22 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
Title aEnrich|a+HRD - Missing Authorization
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Aenrich A+hrd
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-22T12:44:33.096Z

Reserved: 2026-04-22T02:48:34.692Z

Link: CVE-2026-6834

cve-icon Vulnrichment

Updated: 2026-04-22T12:43:58.874Z

cve-icon NVD

Status : Received

Published: 2026-04-22T04:16:09.307

Modified: 2026-04-22T04:16:09.307

Link: CVE-2026-6834

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T06:15:10Z

Weaknesses