CVE-2023-30243

Name of the Vulnerable Software and Affected Versions Beijing Netcon NS-ASG Application Security Gateway version 6.3

Description The issue allows access to sensitive information via SQL Injection, specifically through the TunnelId. This enables unauthorized access to sensitive data.

Recommendations For version 6.3, consider restricting access to the TunnelId parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the TunnelId in sensitive transactions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.