CVE-2026-6834
Missing Authorization in a+HRD API Allows Remote Data Access
Publication date: 2026-04-22
Last updated on: 2026-04-22
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aenrich | a+hrd | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows attackers who have some level of authentication to access sensitive database information without authorization. This can lead to unauthorized disclosure of confidential data, potentially compromising privacy and security.
Can you explain this vulnerability to me?
The vulnerability in the a+HRD software developed by aEnrich is a Missing Authorization issue. This means that authenticated remote attackers can exploit a specific API method to read database contents arbitrarily without proper permission checks.
Can you explain this vulnerability to me?
The vulnerability in the a+HRD software developed by aEnrich is a Missing Authorization flaw. This means that authenticated remote attackers can exploit a specific API method to read database contents arbitrarily without proper permission checks.
How can this vulnerability impact me? :
This vulnerability allows attackers who have some level of authentication to access sensitive database information without authorization. The impact is a high confidentiality breach, potentially exposing sensitive data stored in the database.
Can you explain this vulnerability to me?
The vulnerability in the a+HRD software developed by aEnrich is a Missing Authorization flaw. This means that authenticated remote attackers can exploit a specific API method to read database contents arbitrarily without proper permission checks.
How can this vulnerability impact me? :
This vulnerability allows attackers who have some level of authentication to access sensitive database information without authorization. This can lead to exposure of confidential data, potentially causing data breaches and compromising the security of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in a+HRD developed by aEnrich allows authenticated remote attackers to arbitrarily read database contents through a specific API method due to missing authorization.
This unauthorized data access could potentially lead to exposure of sensitive personal or protected health information, which may result in non-compliance with data protection regulations such as GDPR and HIPAA.
However, specific impacts on compliance with these standards are not detailed in the provided information.