Lucene search

TR-CERTCVE-2023-1091

HistoryMar 10, 2023 - 8:15 a.m.

CVE-2023-1091

2023-03-1008:15:09

CWE-89

TR-CERT

web.nvd.nist.gov

cve-2023-1091

sql injection

alpata

licensed warehousing automation system

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.This issue affects Licensed Warehousing Automation System: through 2023.1.01.

Affected configurations

Nvd

Node

alpatateknolojilicensed_warehousing_automation_systemRange≤2023.1.01

VendorProductVersionCPE
alpatateknolojilicensed_warehousing_automation_system*cpe:2.3:a:alpatateknoloji:licensed_warehousing_automation_system:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alpatateknoloji	licensed_warehousing_automation_system	*	cpe:2.3:a:alpatateknoloji:licensed_warehousing_automation_system::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Licensed Warehousing Automation System",
    "vendor": "Alpata",
    "versions": [
      {
        "lessThanOrEqual": "2023.1.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0139

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Related for CVE-2023-1091