{"api_version":"1","generated_at":"2026-04-22T16:30:46+00:00","cve":"CVE-2023-20852","urls":{"html":"https://cve.report/CVE-2023-20852","api":"https://cve.report/api/cve/CVE-2023-20852.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-20852","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-20852"},"summary":{"title":"CVE-2023-20852","description":"aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.","state":"PUBLIC","assigner":"cve@cert.org.tw","published_at":"2023-04-27 02:15:00","updated_at":"2023-05-08 17:45:00"},"problem_types":["CWE-502"],"metrics":[],"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html","name":"N/A","refsource":"CONFIRM","tags":[],"title":"TWCERT/CC台灣電腦網路危機處理暨協調中心|企業資安通報協處|資安情資分享|漏洞通報|資安聯盟|資安電子報-育碁數位科技 a+HRD - Deserialization of Untrusted Data","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-20852","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-20852","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"20852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"aenrich","cpe5":"a\\+hrd","cpe6":"6.8.1039v844","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2023-03-31T01:54:00.000Z","ID":"CVE-2023-20852","STATE":"PUBLIC","TITLE":"aEnrich a+HRD - Deserialization of Untrusted Data"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"a+HRD","version":{"version_data":[{"version_affected":"=","version_value":"6.8.1039V844"}]}}]},"vendor_name":"aEnrich"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-502 Deserialization of Untrusted Data"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html","name":"https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html"}]},"solution":[{"lang":"eng","value":"Update a+HRD version to eHRD6.8.1039V920 and later"}],"source":{"advisory":"TVN-202302011","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2023-04-27 02:15:00","lastModifiedDate":"2023-05-08 17:45:00","problem_types":["CWE-502"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:aenrich:a\\+hrd:6.8.1039v844:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}