CVE-2023-3377 - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Veribase	Veribase

Configuration 1 [-]

cpe:2.3:a:veribase:veribase:*:*:*:*:*:*:*:*

References

Link	Resource
https://https://www.usom.gov.tr/bildirim/tr-23-0655	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TR-CERT

Published: 2023-11-23T08:30:25.283Z

Updated: 2023-11-23T08:30:25.283Z

Reserved: 2023-06-23T07:58:39.597Z

Link: CVE-2023-3377

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-23T09:15:33.353

Modified: 2023-11-30T16:06:38.067

Link: CVE-2023-3377

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3377", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2023-06-23T07:58:39.597Z", "datePublished": "2023-11-23T08:30:25.283Z", "dateUpdated": "2023-11-23T08:30:25.283Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Veribase", "vendor": "Veribilim Software Computer", "versions": [{"lessThanOrEqual": "20231123", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Resul Melih MAC\u0130T"}], "datePublic": "2023-11-23T08:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.<p>This issue affects Veribase: through 20231123. \n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veribilim Software Computer Veribase allows SQL Injection.This issue affects Veribase: through 20231123.\u00a0\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2023-11-23T08:30:25.283Z"}, "references": [{"tags": ["government-resource"], "url": "https://https://www.usom.gov.tr/bildirim/tr-23-0655"}], "source": {"advisory": "TR-23-0655", "defect": ["TR-23-0655"], "discovery": "UNKNOWN"}, "title": "SQLi in Veribilim's Veribase", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}