Lucene search

MitreCVE-2024-34458

HistoryAug 20, 2024 - 2:15 p.m.

CVE-2024-34458

2024-08-2014:15:08

CWE-89

mitre

web.nvd.nist.gov

keyfactor command

sql injection

information disclosure

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

37.7%

JSON

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in information disclosure.

Affected configurations

Nvd

Node

keyfactorcommandMatch10.5.0

keyfactorcommandMatch11.5.0

VendorProductVersionCPE
keyfactorcommand10.5.0cpe:2.3:a:keyfactor:command:10.5.0:*:*:*:*:*:*:*
keyfactorcommand11.5.0cpe:2.3:a:keyfactor:command:11.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
keyfactor	command	10.5.0	cpe:2.3:a:keyfactor:command:10.5.0:::::::*
keyfactor	command	11.5.0	cpe:2.3:a:keyfactor:command:11.5.0:::::::*

References

trust.keyfactor.com/?itemUid=d73921fd-bc9e-4e35-a974-cfb628e6a226&source=click

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

37.7%

JSON

Related for CVE-2024-34458