PT-2024-13617 · Archibus · Archibus
Elliot Rasch · Published 2024-02-02 · Updated 2025-06-03
CVE-2023-48645
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Archibus app version 4.0.3 for iOS
Description
An issue was discovered in the Archibus app, which uses a local database synchronized with a Web central server instance. There is a SQL injection in the search work request feature in the Maintenance module of the app, allowing queries to be performed on the local database.
Recommendations
For Archibus app version 4.0.3, consider disabling the search work request feature in the Maintenance module as a temporary workaround until a patch is available. Restrict access to the local database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Archibus