SQL Injection Vulnerability in Intel Security Advanced Threat Defense
CVE-2017-3899
6.5MEDIUM
Summary
An SQL injection vulnerability exists in Intel Security Advanced Threat Defense (ATD) Linux version 3.6.0 and earlier. This flaw allows remote authenticated users to manipulate HTTP request parameters, potentially enabling access to product information without proper authorization. The vulnerability highlights the importance of secure coding practices and user input validation to prevent unauthorized data exposure.
Affected Version(s)
Advanced Threat Defense (ATD) Linux 3.6.0 and earlier
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved