admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/7xxx/CVE-2024-7552.json
CVE Team b4c9ccd7f7
"-Synchronized-Data."
2024-08-06 15:00:36 +00:00

110 lines
4.1 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-7552",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In DataGear bis 5.0.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion evaluateVariableExpression der Datei ConversionSqlParamValueMapper.java der Komponente Data Schema Page. Mittels Manipulieren mit unbekannten Daten kann eine improper neutralization of special elements used in an expression language statement-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement",
"cweId": "CWE-917"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DataGear",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.273697",
"refsource": "MISC",
"name": "https://vuldb.com/?id.273697"
},
{
"url": "https://vuldb.com/?ctiid.273697",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.273697"
},
{
"url": "https://vuldb.com/?submit.386413",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.386413"
},
{
"url": "https://gitee.com/datagear/datagear/issues/IAF3H7",
"refsource": "MISC",
"name": "https://gitee.com/datagear/datagear/issues/IAF3H7"
}
]
},
"credits": [
{
"lang": "en",
"value": "nerowander (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink