PT-2025-22542 · Unknown · Matrix Series+2

Published: 2025-05-22 · Updated: 2025-05-22 · CVE-2024-13955

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ASPECT-Enterprise versions through 3.*
NEXUS Series versions through 3.*
MATRIX Series versions through 3.*

Description

2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue potentially grants unauthorized database access.

Recommendations

For ASPECT-Enterprise versions through 3.*, consider restricting access to the database repositories to minimize the risk of exploitation. For NEXUS Series versions through 3.*, avoid using compromised administrator credentials to prevent unintended access. For MATRIX Series versions through 3.*, restrict access to sensitive database areas until a fix is available. As a temporary workaround, consider disabling access to sensitive database repositories for all affected series until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-13955

Affected Products

Aspect-Enterprise
Matrix Series
Nexus Series