exploitDog

CVE-2023-48645

Опубликовано: 02 фев. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.

Ссылки

https://cds.thalesgroup.com/en/tcs-cert/CVE-2023-48645
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48645
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/CVE-2023-48645
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eptura:archibus:4.0.3:*:*:*:iphone_os:*:*:*

EPSS

Процентиль: 8%

0.00031

Низкий

7.8 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-5j36-2f99-3384

CVSS3: 7.8

github

около 2 лет назад

An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is opened, or when the refresh button is used. There is a SQL injection in the search work request feature in the Maintenance module of the app. This allows performing queries on the local database.

EPSS

Процентиль: 8%

0.00031

Низкий

7.8 High

CVSS3

Дефекты

CWE-89

CWE-89