CVE-2019-1000023

Name of the Vulnerable Software and Affected Versions: OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versions v3.6-2 and earlier

Description: The issue allows a malicious attacker to include their own SQL commands, which the database will execute, due to a SQL Injection vulnerability. The vulnerability is exploitable via network connectivity and is identified in the parameters: id, id access type, and id attr access.

Recommendations: For OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versions v3.6-2 and earlier, consider restricting access to the vulnerable parameters id, id access type, and id attr access to minimize the risk of exploitation. Avoid using these parameters in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.