Описание
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
Ссылки
- Permissions RequiredVendor Advisory
- Permissions RequiredVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.4.5 (исключая)Версия до 9.4.5 (исключая)
Одно из
cpe:2.3:a:fidelissecurity:deception:*:*:*:*:*:*:*:*
cpe:2.3:a:fidelissecurity:network:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00402
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.
EPSS
Процентиль: 60%
0.00402
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
CWE-89