CVE-2020-13505

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1108 Exploit Technical Description Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:aveva:edna_enterprise_data_historian:3.0.1.2\/7.5.4989.33053:*:*:*:*:*:*:*

Information

Published : 2020-09-24 08:15

Updated : 2020-09-25 08:04


NVD link : CVE-2020-13505

Mitre link : CVE-2020-13505


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

aveva

  • edna_enterprise_data_historian