CVE-2020-13504

Name of the Vulnerable Software and Affected Versions ednareporting.asmx (affected versions not specified)

Description The issue concerns an unauthenticated SQL injection vulnerability. Specifically, the AttFilterValue parameter in the ednareporting.asmx service is vulnerable to SQL injection attacks. An attacker can exploit this by sending specially crafted SOAP web requests, potentially leading to data compromise. The vulnerability can be triggered by sending unauthenticated HTTP requests.

Recommendations As a temporary workaround, consider restricting access to the AttFilterValue parameter in the ednareporting.asmx service until a patch is available. Avoid using the AttFilterValue parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.