CVE-2024-9968

Published Oct 15, 2024

Last updated a month ago

Overview

Description: WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product.
Source: twcert@cert.org.tw
NVD status: Analyzed
CNA Tags: unsupported-when-assigned

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

twcert@cert.org.tw: CWE-89

Hype score: Not currently trending

CVE-2024-9968 (CVSS:8.8, HIGH) is Analyzed. WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to in..https://t.co/IDthT5sqTU #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:newtype:webeip:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "647F475F-A3F3-476D-AC43-20C71E930735"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References