ID

VAR-202307-2113


CVE

CVE-2023-3983


DESCRIPTION

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

Trust: 1.0

sources: NVD: CVE-2023-3983

AFFECTED PRODUCTS

vendor: advantech
model: iview
scope: lt
version: 5.7.4.6752

Trust: 1.0

sources: NVD: CVE-2023-3983

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-3983
value: HIGH

Trust: 1.0

NVD: CVE-2023-3983
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-3983

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.0

sources: NVD: CVE-2023-3983

CONFIGURATIONS

sources: NVD: CVE-2023-3983

EXTERNAL IDS

db: TENABLE
id: TRA-2023-24

Trust: 1.0

db: NVD
id: CVE-2023-3983

Trust: 1.0

sources: NVD: CVE-2023-3983

REFERENCES

url: https://www.tenable.com/security/research/tra-2023-24

Trust: 1.0

sources: NVD: CVE-2023-3983

SOURCES

db: NVD
id: CVE-2023-3983

LAST UPDATE DATE

2023-08-12T03:18:49.784000+00:00


SOURCES UPDATE DATE

db: NVD
id: CVE-2023-3983
date: 2023-08-04T17:03:00

SOURCES RELEASE DATE

db: NVD
id: CVE-2023-3983
date: 2023-07-31T19:15:00