PT-2020-14637 · Siemens · Desigo Insight

Published: 2020-10-15 · Updated: 2022-06-15 · CVE-2020-15792

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Desigo Insight (All versions)

Description

A vulnerability has been identified where the web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.

Recommendations

For all versions, consider restricting access to the reserved area of the web service to minimize the risk of exploitation. As a temporary workaround, review and apply proper input validation for query parameters to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-15792

Affected Products

Desigo Insight