CVE-2023-23574

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.

Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Ссылки

https://security.nozominetworks.com/NN-2023:3-01
Vendor Advisory
https://security.nozominetworks.com/NN-2023:3-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*

Версия до 22.6.2 (исключая)

cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

Версия до 22.6.2 (исключая)

EPSS

Процентиль: 43%

0.00209

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-q578-hqmw-59mf

CVSS3: 7.1

github

больше 2 лет назад

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.