Japan Vulnerability NotesJVN:93833849JVN#93833849: Panasonic Video Insight VMS vulnerable to SQL injection
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
44.5%
Video Insight VMS provided by Panasonic Corporation is a video management suite for video security system. Vide Insight VMS contains a SQL injection vulnerability (CWE-89).
Impact
A logged in user may execute an arbitrary SQL statement to the database.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
γ2020/06/25 Updateγ
When this advisory was first published on 2019 September 2, the affected version was described as 7.3.2.5. However, the developer found that the fix was not adequate in version 7.5, thus version 7.6.1 that contains the fix was released later.
Products Affected
- Video Insight 7.3.2.5 VMS and earlier
For more information, refer to the information provided by the developer.
γ2020/06/25 Updateγ
When this advisory was first published on 2019 September 2, the affected version was described as 7.3.2.5. However, the developer found that the fix was not adequate in version 7.5, thus version 7.6.1 that contains the fix was released later.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
44.5%