Sql injection

2020-09-2415:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

CPENameOperatorVersion
edna_enterprise_data_historianeq3.0.1275498933053 

CPE	Name	Operator	Version
	edna_enterprise_data_historian	eq	3.0.1275498933053

References

talosintelligence.com/vulnerability_reports/TALOS-2020-1108