CVE-2023-4092
SQL injection vulnerability in Fujitsu Arconte Áurea
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.
Vulnerabilidad de inyección SQL en Arconte Áurea, en su versión 1.5.0.0. La explotación de esta vulnerabilidad podría permitir a un atacante leer datos confidenciales de la base de datos, modificar datos (insertar/actualizar/eliminar), realizar operaciones de administración de la base de datos y, en algunos casos, ejecutar comandos en el sistema operativo.
*Credits:
Pablo Arias Rodriguez and Jorge Alberto Palma Reyes, members of CSIRT-CV
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-02 CVE Reserved
- 2023-09-19 CVE Published
- 2024-09-25 CVE Updated
- 2024-09-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fujitsu Search vendor "Fujitsu" | Arconte Aurea Search vendor "Fujitsu" for product "Arconte Aurea" | 1.5.0.0 Search vendor "Fujitsu" for product "Arconte Aurea" and version "1.5.0.0" | - |
Affected
| ||||||