Lucene search

[email protected]NVD:CVE-2023-37361

HistoryJul 25, 2023 - 1:15 a.m.

CVE-2023-37361

2023-07-2501:15:09

CWE-89

[email protected]

web.nvd.nist.gov

redcap

sql injection

scheduling

repeatforms

purpose

app_title

randomization

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.

Affected configurations

Nvd

Node

vanderbiltredcapRange<12.3.2

Node

vanderbiltredcapRange<12.0.26lts

VendorProductVersionCPE
vanderbiltredcap*cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*
vanderbiltredcap*cpe:2.3:a:vanderbilt:redcap:*:*:*:*:lts:*:*:*

Vendor	Product	Version	CPE
vanderbilt	redcap	*	cpe:2.3:a:vanderbilt:redcap::::::::
vanderbilt	redcap	*	cpe:2.3:a:vanderbilt:redcap:::::lts:::*

References

trustwave.com

www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=32305

CVSS3

2.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

Related for NVD:CVE-2023-37361

cvelist1 prion1 cve1