CVE-2021-22851

EUVD-2021-9986
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
twcertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
hgigaoaklouds_openid
2.0 ≤
𝑥
< 2.0-54
hgigaoaklouds_openid
3.0 ≤
𝑥
< 3.0-54
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef
https://www.twcert.org.tw/tw/cp-132-4327-50e99-1.html
https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef
https://www.twcert.org.tw/tw/cp-132-4327-50e99-1.html