PT-2023-21484 · Ibm · Bigfix Webui Api App
Published
2023-07-18
·
Updated
2023-07-27
·
CVE-2023-28019
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Bigfix WebUI API App versions prior to 14
Description
The issue is related to insufficient validation, allowing an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.
Recommendations
For versions prior to 14, update to version 14 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebUI API to minimize the risk of exploitation. Avoid using unparameterized SQL queries in the affected API until the issue is resolved.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bigfix Webui Api App