ARCHIBUS Web Central is a web-based network management center for ARCHIBUS that organizes facilities and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users anywhere in the world can enter, edit, and monitor it. SQL injection vulnerabilities exist in versions of ARCHIBUS Web Central prior to 26.2; they stem from dwr/call/plaincall/workflow.runWorkflowRule.dwr, which lacks validation of externally supplied SQL statements. An attacker could exploit this vulnerability to execute unauthorized SQL commands and steal sensitive data from the database.

CPE

Name | Operator | Version |
---|---|---|
archibus web central | lt | 26.2 |