Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863.
History
Thu, 05 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Advantech, Advantech iview | |
CPEs | cpe:2.3:a:advantech:iview:5.7.04:*:*:*:*:*:*:* | |
Vendors & Products | Advantech, Advantech iview | |
Metrics | ssvc | |
Fri, 22 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863. | |
Title | Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability | |
Weaknesses | CWE-89 | |
References | | |
Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-11-22T20:05:15.175Z
Updated: 2024-12-05T19:32:34.015Z
Reserved: 2024-01-11T20:39:58.816Z
Link: CVE-2023-52335
Vulnrichment
Updated: 2024-12-05T19:32:25.125Z
NVD
Status: Received
Published: 2024-11-22T20:15:07.927
Modified: 2024-11-22T20:15:07.927
Link: CVE-2023-52335
Redhat
No data.