SQL Injection vulnerability in Advantech iView CVE-2022-3323
Risk: High
CVE ID: CVE-2022-3323
CVE Score: 7.5
Impacted Product: Advantech iView 5.7.04.6469
Published Date: 03 Oct 2022
Updated: 03 Oct 2022
Vulnerability Threat & Description:
An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw is within the Configuration Servlet endpoint. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass the checks in com.imc.iview.utils.CUtils.checkSQLInjection() and perform SQL injection.
Remediation Level: Unknown
Attack Vector: Network
Authentication required: None
Privileges Required: None
Patch Available: Unknown
Public Exploit available:
Attack Complexity: Low
User Interaction: None
Impact on:
• Confidentiality: High
• Integrity: None
• Availability: None
More Info:
https://www.tenable.com/security/research/tra-2022-32