Lucene search

INCIBECVELIST:CVE-2023-4092

HistorySep 19, 2023 - 12:57 p.m.

CVE-2023-4092 SQL injection vulnerability in Fujitsu Arconte Áurea

2023-09-1912:57:10

CWE-89

INCIBE

www.cve.org

cve-2023-4092

sql injection

fujitsu

arconte áurea

database vulnerability

data manipulation

command execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%

JSON

SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Arconte Áurea",
    "vendor": "Fujitsu ",
    "versions": [
      {
        "lessThan": "1.5.0.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%

JSON

Related for CVELIST:CVE-2023-4092