Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData
References
Link | Resource |
---|---|
https://www.gov.il/en/Departments/faq/cve_advisories | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCD
Published: 2022-06-27T00:00:00
Updated: 2022-07-06T13:12:27
Reserved: 2022-05-12T00:00:00
Link: CVE-2022-30619
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-06T14:15:18.523
Modified: 2022-07-14T17:35:01.713
Link: CVE-2022-30619
JSON object: View
Redhat Information
No data.
CWE