Lucene search

INCIBECVELIST:CVE-2024-29732

HistoryMar 21, 2024 - 10:37 a.m.

CVE-2024-29732 SQL Injection vulnerability on SCAN_VISIO eDocument Suite Web Viewer from Abast

2024-03-2110:37:08

CWE-89

INCIBE

www.cve.org

cve-2024-29732

abast

scan_visio

sql injection

web viewer

edocument suite

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via “user” parameter.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SCAN_VISIO eDocument Suite Web Viewer",
    "vendor": "Abast",
    "versions": [
      {
        "status": "affected",
        "version": "3.28.1"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-29732