Lucene search

INCIBECVELIST:CVE-2021-3604

HistoryJun 18, 2021 - 2:14 p.m.

CVE-2021-3604 Primion-Digitek Secure 8 SQL injection vulnerability

2021-06-1814:14:47

INCIBE

www.cve.org

primion-digitek

secure 8

sql injection

remote attacker

user info

admin info

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.

CNA Affected

[
  {
    "product": "Secure 8 (Evalos)",
    "vendor": "Primion Digitek",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.1.55"
      }
    ]
  }
]

References

titaniumaics.blogspot.com/2021/06/vulnerabilidad-zero-day-en-primion.html

www.incibe-cert.es/en/early-warning/ics-advisories/primion-digitek-secure-8-sql-injection-vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

Related for CVELIST:CVE-2021-3604