CVE-2022-38490

EUVD-2022-41073
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
mitreCNA
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:C/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
easyvistaservice_manager
2020.2.125.3
easyvistaservice_manager
2022.1.109.0.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490
https://excellium-services.com/cert-xlm-advisory/CVE-2022-38490