PT-2025-22516 · Unknown · Matrix Series+2

Published

2025-05-22

Updated

2025-05-22

CVE-2024-13928

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ASPECT-Enterprise versions through 3.08.03 NEXUS Series versions through 3.08.03 MATRIX Series versions through 3.08.03

Description SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.

Recommendations For ASPECT-Enterprise versions through 3.08.03, consider restricting access to database repositories and limiting session administrator credentials to minimize the risk of exploitation. For NEXUS Series versions through 3.08.03, restrict access to database repositories and limit session administrator credentials until a fix is available. For MATRIX Series versions through 3.08.03, limit session administrator credentials and restrict access to database repositories to reduce the risk of unintended access and manipulation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-13928

Affected Products

Aspect-Enterprise

Matrix Series

Nexus Series

PT-2025-22516 · Unknown · Matrix Series+2

CVE-2024-13928

Weakness Enumeration

Related Identifiers

Affected Products

References · 3