CVE-2020-14497

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 Third Party Advisory US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-858/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-836/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-848/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-856/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-868/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-846/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-838/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-828/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-850/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-862/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-860/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-854/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-832/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-844/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-866/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-852/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-830/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-864/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-842/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-847/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-869/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-837/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-845/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-857/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-835/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-827/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-849/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-839/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-861/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-851/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-865/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-843/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-855/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-833/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-863/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-853/ Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:iview:*:*:*:*:*:*:*:*

Information

Published : 2020-07-14 19:15

Updated : 2020-07-21 13:34


NVD link : CVE-2020-14497

Mitre link : CVE-2020-14497


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

advantech

  • iview