PT-2022-10641 · Siemens · Comos

Published: 2022-01-11 · Updated: 2022-04-30 · CVE-2021-37197

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
COMOS versions V10.2 through V10.4.1, specifically V10.2, V10.3 through V10.3.3.3, and V10.4 through V10.4.1, when web components are used.

Description
A SQL injection vulnerability has been identified in the COMOS Web component. It allows an attacker to execute arbitrary SQL statements against the underlying database, which could lead to unauthorized data access or data manipulation.

Recommendations
For COMOS V10.2, update to a version where web components are not used, or apply the specific security patches if available. For COMOS V10.3, update to version V10.3.3.3 or later and ensure the web components are securely configured. For COMOS V10.4, update to version V10.4.1 or later, again with a secure web component configuration. As a temporary workaround, restrict network access to the COMOS Web component to minimize exposure to SQL injection attacks.

Fix

SQL injection


Weakness Enumeration

Related Identifiers: CVE-2021-37197

Affected Products: Comos