nvd-json-data-feeds/CVE-2024/CVE-2024-122xx/CVE-2024-12245.json

{
  "id": "CVE-2024-12245",
  "sourceIdentifier": "disclosure@synopsys.com",
  "published": "2025-03-14T18:15:27.530",
  "lastModified": "2025-03-14T18:15:27.530",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers.\u00a0Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de cierre de sesi\u00f3n incluye una inyecci\u00f3n SQL ciega que puede ser explotada por atacantes no autenticados. Mediante una t\u00e9cnica de inyecci\u00f3n SQL ciega basada en el tiempo, el atacante puede divulgar todo el contenido de la base de datos. La apropiaci\u00f3n de cuentas es un posible resultado, dependiendo de la presencia o ausencia de entradas en ciertas tablas de la base de datos."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "disclosure@synopsys.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "disclosure@synopsys.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",
      "source": "disclosure@synopsys.com"
    }
  ]
}
Auto-Update: 2025-03-14T19:00:20.984032+00:00 2025-03-14 19:03:50 +00:00			`{`
			`"id": "CVE-2024-12245",`
			`"sourceIdentifier": "disclosure@synopsys.com",`
			`"published": "2025-03-14T18:15:27.530",`
			`"lastModified": "2025-03-14T18:15:27.530",`
Auto-Update: 2025-03-23T03:00:20.104511+00:00 2025-03-23 03:03:54 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2025-03-14T19:00:20.984032+00:00 2025-03-14 19:03:50 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers.\u00a0Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables."`
Auto-Update: 2025-03-23T03:00:20.104511+00:00 2025-03-23 03:03:54 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "La funci\u00f3n de cierre de sesi\u00f3n incluye una inyecci\u00f3n SQL ciega que puede ser explotada por atacantes no autenticados. Mediante una t\u00e9cnica de inyecci\u00f3n SQL ciega basada en el tiempo, el atacante puede divulgar todo el contenido de la base de datos. La apropiaci\u00f3n de cuentas es un posible resultado, dependiendo de la presencia o ausencia de entradas en ciertas tablas de la base de datos."`
Auto-Update: 2025-03-14T19:00:20.984032+00:00 2025-03-14 19:03:50 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "disclosure@synopsys.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
			`"baseScore": 8.7,`
			`"baseSeverity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "NONE",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"vulnConfidentialityImpact": "HIGH",`
			`"vulnIntegrityImpact": "NONE",`
			`"vulnAvailabilityImpact": "NONE",`
			`"subConfidentialityImpact": "NONE",`
			`"subIntegrityImpact": "NONE",`
			`"subAvailabilityImpact": "NONE",`
			`"exploitMaturity": "NOT_DEFINED",`
			`"confidentialityRequirement": "NOT_DEFINED",`
			`"integrityRequirement": "NOT_DEFINED",`
			`"availabilityRequirement": "NOT_DEFINED",`
			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
			`"modifiedVulnConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedVulnIntegrityImpact": "NOT_DEFINED",`
			`"modifiedVulnAvailabilityImpact": "NOT_DEFINED",`
			`"modifiedSubConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedSubIntegrityImpact": "NOT_DEFINED",`
			`"modifiedSubAvailabilityImpact": "NOT_DEFINED",`
			`"Safety": "NOT_DEFINED",`
			`"Automatable": "NOT_DEFINED",`
			`"Recovery": "NOT_DEFINED",`
			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
			`"providerUrgency": "NOT_DEFINED"`
			`}`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "disclosure@synopsys.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-89"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html",`
			`"source": "disclosure@synopsys.com"`
			`}`
			`]`
			`}`