Lucene search

INCIBECVELIST:CVE-2023-6097

HistoryNov 13, 2023 - 1:11 p.m.

CVE-2023-6097 SQL Injection on ICSSolution ICS Business Manager

2023-11-1313:11:01

CWE-89

INCIBE

www.cve.org

sql injection

ics business manager

remote user

database

modification

deletion

vulnerability

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ICS Business Manager",
    "vendor": "ICSSolution",
    "versions": [
      {
        "status": "affected",
        "version": "7.06.0028.7089"
      },
      {
        "status": "affected",
        "version": "7.06.0028.7066"
      },
      {
        "status": "affected",
        "version": "7.06.0028.2802"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-icssolution-ics-business-manager

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for CVELIST:CVE-2023-6097