Lucene search

INCIBEVULNRICHMENT:CVE-2024-29732

HistoryMar 21, 2024 - 10:37 a.m.

CVE-2024-29732 SQL Injection vulnerability on SCAN_VISIO eDocument Suite Web Viewer from Abast

2024-03-2110:37:08

CWE-89

INCIBE

github.com

cve-2024-29732

abast

sql injection

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via “user” parameter.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:abast:scan_visio_edocument_suite_web_viewer:*:*:*:*:*:*:*:*"
    ],
    "vendor": "abast",
    "product": "scan_visio_edocument_suite_web_viewer",
    "versions": [
      {
        "status": "affected",
        "version": "3.28.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-29732