Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108 | Exploit Technical Description Third Party Advisory |
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108 - Exploit, Technical Description, Third Party Advisory |
Information
Published : 2020-09-24 15:15
Updated : 2024-11-21 05:01
NVD link : CVE-2020-13505
Mitre link : CVE-2020-13505
CVE.ORG link : CVE-2020-13505
JSON object : View
Products Affected
aveva
- edna_enterprise_data_historian
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')