Lucene search

MitreCVE-2023-46954

HistoryNov 03, 2023 - 3:15 a.m.

CVE-2023-46954

2023-11-0303:15:07

CWE-89

mitre

web.nvd.nist.gov

cve-2023-46954

sql injection

relativityone

remote code execution

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.

Affected configurations

Nvd

Node

relativityrelativityoneRange<12.4.537.3

relativityrelativityoneMatch12.4.537.3-

relativityrelativityoneMatch12.4.537.3patch_2

VendorProductVersionCPE
relativityrelativityone*cpe:2.3:a:relativity:relativityone:*:*:*:*:*:*:*:*
relativityrelativityone12.4.537.3cpe:2.3:a:relativity:relativityone:12.4.537.3:-:*:*:*:*:*:*
relativityrelativityone12.4.537.3cpe:2.3:a:relativity:relativityone:12.4.537.3:patch_2:*:*:*:*:*:*

Vendor	Product	Version	CPE
relativity	relativityone	*	cpe:2.3:a:relativity:relativityone::::::::
relativity	relativityone	12.4.537.3	cpe:2.3:a:relativity:relativityone:12.4.537.3:-::::::
relativity	relativityone	12.4.537.3	cpe:2.3:a:relativity:relativityone:12.4.537.3:patch_2::::::

References

github.com/jakedmurphy1/CVE-2023-46954

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

38.9%

JSON

Related for CVE-2023-46954