Lucene search

[email protected]NVD:CVE-2023-4835

HistorySep 15, 2023 - 9:15 a.m.

CVE-2023-4835

2023-09-1509:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-4835

improper neutralization

special elements

sql command

oil management software

20230912

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 .

Affected configurations

Nvd

Node

petroleum_management_software_application_projectpetroleum_management_software_applicationRange<20230912

VendorProductVersionCPE
petroleum_management_software_application_projectpetroleum_management_software_application*cpe:2.3:a:petroleum_management_software_application_project:petroleum_management_software_application:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
petroleum_management_software_application_project	petroleum_management_software_application	*	cpe:2.3:a:petroleum_management_software_application_project:petroleum_management_software_application::::::::

References

www.usom.gov.tr/bildirim/tr-23-0533

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.001

Percentile

46.5%

JSON

Related for NVD:CVE-2023-4835

prion1 cvelist1 vulnrichment1 cve1