Lucene search

TR-CERTCVELIST:CVE-2021-43362

HistorySep 29, 2022 - 1:51 a.m.

CVE-2021-43362 MedData HBYS 1.0 Remote SQL Injection Vulnerability

2022-09-2901:51:27

CWE-89

TR-CERT

www.cve.org

cve-2021-43362

meddata hbys

remote sql injection

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

50.2%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HBYS",
    "vendor": "MedData",
    "versions": [
      {
        "lessThan": "1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

gist.github.com/Blackh4n/9d8feaf1cfb68f66de17361e85f616d4

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

AI Score

Confidence

High

EPSS

0.001

Percentile

50.2%

JSON

Related for CVELIST:CVE-2021-43362