
{
"id": "CVE-2024-6632",
"sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"published": "2024-08-27T15:15:17.300",
"lastModified": "2024-08-30T14:07:18.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en FileCatalyst Workflow por la cual un campo al que puede acceder el superadministrador se puede utilizar para realizar un ataque de inyecci\u00f3n SQL que puede provocar una p\u00e9rdida de confidencialidad, integridad y disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortra:filecatalyst_workflow:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.4",
"versionEndExcluding": "5.1.7",
"matchCriteriaId": "6CDAAF1B-D610-4238-8372-8A6DD3C2FC57"
}
]
}
]
}
],
"references": [
{
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-010",
"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"tags": [
"Vendor Advisory"
]
}
]
}