The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html | Third Party Advisory |
Configurations
History
17 Oct 2024, 20:34
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html - Third Party Advisory | |
CPE | cpe:2.3:a:newtype:flowmaster_bpm_plus:*:*:*:*:*:*:*:* | |
First Time |
Newtype
Newtype flowmaster Bpm Plus |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 04:15
Updated : 2024-10-17 20:34
NVD link : CVE-2024-9971
Mitre link : CVE-2024-9971
CVE.ORG link : CVE-2024-9971
JSON object : View
Products Affected
newtype
- flowmaster_bpm_plus
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')