A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application.
Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
References
Link | Resource |
---|---|
https://security.nozominetworks.com/NN-2023:2-01 | Vendor Advisory |
https://security.nozominetworks.com/NN-2023:2-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.nozominetworks.com/NN-2023:2-01 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
20 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability. |
28 May 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. |
15 Aug 2023, 16:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
References | (MISC) https://security.nozominetworks.com/NN-2023:2-01 - Vendor Advisory | |
CPE | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
09 Aug 2023, 12:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 09:15
Updated : 2024-11-21 07:44
NVD link : CVE-2023-22378
Mitre link : CVE-2023-22378
CVE.ORG link : CVE-2023-22378
JSON object : View
Products Affected
nozominetworks
- guardian
- cmc
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')