Lucene search

K
nvd[email protected]NVD:CVE-2023-48118
HistoryJan 22, 2024 - 7:15 p.m.

CVE-2023-48118

2024-01-2219:15:08
CWE-89
web.nvd.nist.gov
vulnerability
remote attacker
execute arbitrary code
crafted request
common.svc wsdl page

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

65.6%

SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page.

Affected configurations

NVD
Node
quest-analyticsiqcrmMatch2023.9.5

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

65.6%

Related for NVD:CVE-2023-48118