Lucene search

TR-CERTCVELIST:CVE-2024-0857

HistoryJul 18, 2024 - 5:32 p.m.

CVE-2024-0857 SQLi in Universal Software's FlexWater Corporate Water Management

2024-07-1817:32:35

CWE-89

TR-CERT

www.cve.org

cve-2024-0857

universal software inc

flexwater corporate water management

sql injection

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Universal Software Inc. FlexWater Corporate Water Management allows SQL Injection.This issue affects FlexWater Corporate Water Management: before 5.452.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "FlexWater Corporate Water Management",
    "vendor": "Universal Software Inc.",
    "versions": [
      {
        "lessThan": "5.452.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-1011

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.4%

JSON

Related for CVELIST:CVE-2024-0857