Lucene search

K
cvelistGitHub_MCVELIST:CVE-2024-43406
HistoryAug 20, 2024 - 3:00 p.m.

CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore

2024-08-2015:00:06
CWE-89
GitHub_M
www.cve.org
3
cve-2024-43406
lf edge ekuiper
sql injection
sqlkvstore
iot
data analytics
stream processing
get method
vulnerability
fixed

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.

CNA Affected

[
  {
    "vendor": "lf-edge",
    "product": "ekuiper",
    "versions": [
      {
        "version": "< 1.14.2",
        "status": "affected"
      }
    ]
  }
]

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.0%

Related for CVELIST:CVE-2024-43406