CVE-2024-9971

Published Oct 15, 2024

Last updated a month ago

Overview

Description: The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
Source: twcert@cert.org.tw
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

twcert@cert.org.tw: CWE-89

Hype score: Not currently trending

CVE-2024-9971 (CVSS:8.8, HIGH) is Analyzed. The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing..https://t.co/HRWTAFpo4X #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:newtype:flowmaster_bpm_plus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D115D34-13A3-4B70-8A84-95B8303B3D21",
            "versionEndExcluding": "5.3.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References