SQL Injection Vulnerability in ASPECT Products by ABB
CVE-2024-13955
9.4CRITICAL
What is CVE-2024-13955?
A 2nd Order SQL injection vulnerability in ASPECT products allows potential unauthorized access and manipulation of database repositories. If administrator credentials are compromised, attackers could gain unintended access, compromising data integrity and confidentiality. This issue affects the ASPECT-Enterprise and NEXUS and MATRIX series versions up to 3.*, highlighting the importance of securing administrator credentials and implementing robust access control measures.
Affected Version(s)
ASPECT-Enterprise Linux 0 <= 3.*
MATRIX Series Linux 0 <= 3.*
NEXUS Series Linux 0 <= 3.*
References
CVSS V4
Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure