Japan Vulnerability Notes (jvn.jp) | JVN:11705010
May 12, 2023 - 12:00 a.m.

JVN#11705010: Beekeeper Studio vulnerable to code injection


CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.004 Low
Percentile: 74.5%

Beekeeper Studio, provided by Beekeeper Studio, Inc., contains a code injection vulnerability (CWE-74).

Impact

A remote authenticated attacker may execute arbitrary JavaScript code with the privileges of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released Beekeeper Studio 3.9.9, which contains a fix for this vulnerability.

Products Affected

  • Beekeeper Studio versions prior to 3.9.9
