Lucene search

TwcertCVELIST:CVE-2021-22852

HistoryJan 19, 2021 - 10:05 a.m.

CVE-2021-22852 HGiga OAKloud Portal - SQL injection -2

2021-01-1910:05:36

CWE-89

twcert

www.cve.org

hgiga

oakloud

portal

sql injection

vulnerability

attackers

url parameter

database schema

data

cve-2021-22852

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data.

CNA Affected

[
  {
    "product": "OAKSv20 OAKlouds-mol_course_v3 2.0",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThanOrEqual": "2.0-146",
        "status": "affected",
        "version": "2.0-124",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "OAKSv30 OAKlouds-mol_course_v3 3.0",
    "vendor": "HGiga",
    "versions": [
      {
        "lessThanOrEqual": "3.0-146",
        "status": "affected",
        "version": "3.0-124",
        "versionType": "custom"
      }
    ]
  }
]

References

www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef

www.twcert.org.tw/tw/cp-132-4328-97765-1.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-22852