← volver
CVE-2023-23574

Authenticated Blind SQL Injection on alerts count in Guardian/CMC before 22.6.2

CVSS 8.7 HIGHEPSS 0.5%CWE-89
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Nozomi Networks · CMCNozomi Networks · Guardian

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://security.nozominetworks.com/NN-2023:3-01