Improper Neutralization of Special Elements in SQL Command ('SQL Injection') Vulnerability Affects Connext Professional
CVE-2024-52057

9.1CRITICAL

Key Information:

Vendor

Rti

Status
Connext Professional
Vendor
CVE Published:
13 December 2024

What is CVE-2024-52057?

An SQL Injection vulnerability exists in RTI Connext Professional's Queuing Service. This flaw allows an attacker to execute unauthorized SQL commands, potentially compromising the security and integrity of the database. The vulnerability affects specific versions, enabling exploitation through improper neutralization of special elements in SQL commands. Users of affected versions from 5.2.0 to 7.3.0 should urgently implement the necessary patches to safeguard their systems. For further details, please refer to the official RTI vulnerability advisory.

Affected Version(s)

Connext Professional 7.0.0 < 7.3.0

Connext Professional 5.2.0 < 6.1.2.17

References

https://www.rti.com/vulnerabilities/#cve-2024-52057

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.