Lucene search

TR-CERTCVE-2023-4675

HistoryDec 29, 2023 - 3:15 p.m.

CVE-2023-4675

2023-12-2915:15:09

CWE-89

TR-CERT

web.nvd.nist.gov

cve-2023-4675

sql injection

gm information technologies

mdo

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO: through 20231229.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Nvd

Node

gmbilisimmulti-disciplinary_design_optimizationRange≤20231229

VendorProductVersionCPE
gmbilisimmulti-disciplinary_design_optimization*cpe:2.3:a:gmbilisim:multi-disciplinary_design_optimization:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gmbilisim	multi-disciplinary_design_optimization	*	cpe:2.3:a:gmbilisim:multi-disciplinary_design_optimization::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MDO",
    "vendor": "GM Information Technologies",
    "versions": [
      {
        "lessThanOrEqual": "20231229",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-23-0742

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

Related for CVE-2023-4675