Lucene search

Veracode Vulnerability DatabaseVERACODE:46861

HistoryMay 13, 2024 - 12:41 p.m.

SQL Injection

2024-05-1312:41:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

openlink virtuoso-opensource

sql injection

dos

vulnerability

dv_compare

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

openlink virtuoso-opensource is vulnerable to SQL Injection. The vulnerability is due to an issue in the dv_compare component, enabling attackers to cause a DoS via crafted SQL statements.

References

github.com/openlink/virtuoso-opensource/issues/1128

security-tracker.debian.org/tracker/CVE-2023-31620

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

33.5%

JSON

Related for VERACODE:46861