Lucene search

INCIBECVE-2024-1301

HistoryMar 12, 2024 - 4:15 p.m.

CVE-2024-1301

2024-03-1216:15:07

CWE-89

INCIBE

web.nvd.nist.gov

cve-2024-1301

sql injection

badger meter monitool

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.

Affected configurations

Vulners

Vulnrichment

Node

badger_metermonitoolRange≤4.6.3

VendorProductVersionCPE
badger_metermonitool*cpe:2.3:a:badger_meter:monitool:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
badger_meter	monitool	*	cpe:2.3:a:badger_meter:monitool::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Monitool",
    "vendor": "Badger Meter",
    "versions": [
      {
        "status": "affected",
        "version": "4.6.3"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1301