Lucene search

[email protected]NVD:CVE-2023-46806

HistoryMay 22, 2024 - 11:15 p.m.

CVE-2023-46806

2024-05-2223:15:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

epmm

web component

authenticated user

database vulnerability

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database.

References

forums.ivanti.com/s/article/Security-Advisory-EPMM-May-2024?language=en_US

CVSS3

6.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-46806

vulnrichment1 cvelist1 cve1 thn1