CVE-2023-45684
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.
Northern.tech CFEngine Enterprise anterior a 3.21.3 permite la inyección SQL. Las versiones fijas son 3.18.6 y 3.21.3. La primera versión afectada es la 3.6.0. El problema está en la página de inicio de sesión del Portal de la Misión en el centro CFEngine.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-10 CVE Reserved
- 2023-11-14 CVE Published
- 2024-09-03 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cfengine.com/blog/2023/cve-2023-45684 | 2023-11-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Northern.tech Search vendor "Northern.tech" | Cfengine Search vendor "Northern.tech" for product "Cfengine" | < 3.18.6 Search vendor "Northern.tech" for product "Cfengine" and version " < 3.18.6" | enterprise |
Affected
| ||||||
| Northern.tech Search vendor "Northern.tech" | Cfengine Search vendor "Northern.tech" for product "Cfengine" | >= 3.19.0 < 3.21.3 Search vendor "Northern.tech" for product "Cfengine" and version " >= 3.19.0 < 3.21.3" | enterprise |
Affected
| ||||||