← Back to CVEs
CVE-2023-22378
HIGH8.8
Description
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/9/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
nozominetworks:cmcnozominetworks:guardian
Weaknesses (CWE)
CWE-89CWE-89
References
https://security.nozominetworks.com/NN-2023:2-01(prodsec@nozominetworks.com)
https://security.nozominetworks.com/NN-2023:2-01(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.