CVE-2024-29732

{"id": "CVE-2024-29732", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-21T11:15:28.390", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast", "source": "cve-coordination@incibe.es"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via \"user\" parameter."}, {"lang": "es", "value": "Se ha encontrado una inyecci\u00f3n SQL en SCAN_VISIO eDocument Suite Web Viewer de Abast. Esta vulnerabilidad permite a un usuario no autenticado recuperar, actualizar y eliminar toda la informaci\u00f3n de la base de datos. Esta vulnerabilidad se encontr\u00f3 en la p\u00e1gina de inicio de sesi\u00f3n mediante el par\u00e1metro \"usuario\"."}], "lastModified": "2024-11-21T09:08:11.323", "sourceIdentifier": "cve-coordination@incibe.es"}