Lucene search

MitreCVE-2021-27828

HistoryJun 01, 2021 - 12:15 p.m.

CVE-2021-27828

2021-06-0112:15:07

CWE-89

mitre

web.nvd.nist.gov

cve-2021-27828

sql injection

in4suite erp

data modification

data deletion

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

65.3%

JSON

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application’s content or behavior by using malicious SQL queries.

Affected configurations

Nvd

Node

in4velocityin4suite_erpMatch3.2.74.1370

VendorProductVersionCPE
in4velocityin4suite_erp3.2.74.1370cpe:2.3:a:in4velocity:in4suite_erp:3.2.74.1370:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
in4velocity	in4suite_erp	3.2.74.1370	cpe:2.3:a:in4velocity:in4suite_erp:3.2.74.1370:::::::*

References

www.exploit-db.com/exploits/49884

www.in4velocity.com/in4suite-erp.html

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

65.3%

JSON

Related for CVE-2021-27828