Описание
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.
Ссылки
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 6.0 (исключая)
Одно из
cpe:2.3:a:siemens:desigo_insight:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:desigo_insight:6.0:sp5:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00214
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.
EPSS
Процентиль: 44%
0.00214
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-89