Lucene search

MitreVULNRICHMENT:CVE-2023-46954

HistoryNov 03, 2023 - 12:00 a.m.

CVE-2023-46954

2023-11-0300:00:00

mitre

github.com

sql injection

relativityone

remote attacker

arbitrary code

AI Score

8.7

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:relativity:relativityone:12.4.537.3:-:*:*:*:*:*:*"
    ],
    "vendor": "relativity",
    "product": "relativityone",
    "versions": [
      {
        "status": "affected",
        "version": "12.4.537.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:relativity:relativityone:12.4.537.3:patch_2:*:*:*:*:*:*"
    ],
    "vendor": "relativity",
    "product": "relativityone",
    "versions": [
      {
        "status": "affected",
        "version": "12.4.537.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:relativity:relativityone:*:*:*:*:*:*:*:*"
    ],
    "vendor": "relativity",
    "product": "relativityone",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "12.4.537.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/jakedmurphy1/CVE-2023-46954