Lucene search

TR-CERTCVELIST:CVE-2024-4228

HistoryJun 26, 2024 - 2:28 p.m.

CVE-2024-4228 SQLi in Magarsus Consultancy's SSO

2024-06-2614:28:24

CWE-89

TR-CERT

www.cve.org

cve-2024-4228

sql injection

magarsus consultancy sso

exposure of sensitive information

insufficiently protected credentials

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection.This issue affects SSO (Single Sign On): from 1.0 before 1.1.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SSO (Single Sign On)",
    "vendor": "Magarsus Consultancy",
    "versions": [
      {
        "lessThan": "1.1",
        "status": "affected",
        "version": "1.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-24-0800

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2024-4228