Lucene search
TwcertCVE-2024-7731HistoryAug 14, 2024 - 7:15 a.m.
CVE-2024-7731
2024-08-1407:15:13
CWE-89
twcert
web.nvd.nist.gov
26
access control system
sql injection
remote attackers
database modification
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.001
Percentile
39.6%
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
Affected configurations
Node
secomdr.id_access_controlRange<3.6.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| secom | dr.id_access_control | * | cpe:2.3:a:secom:dr.id_access_control:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Dr.ID Access control system",
"vendor": "SECOM",
"versions": [
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-7731 SECOM Dr.ID Access control system - SQL injection
2024-08-14 06:30:58
cvelist
cvelist
CVE-2024-7731 SECOM Dr.ID Access control system - SQL injection
2024-08-14 06:30:58
nvd
nvd
CVE-2024-7731
2024-08-14 07:15:13
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.9
Confidence
High
EPSS
0.001
Percentile
39.6%
Related for CVE-2024-7731