CVE-2023-26440 HIGH

CVE-2023-26440

Vendor Ox Software Gmbh

Product OX App Suite

Weakness CWE-89 · SQLi

Published August 2, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Physical

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.

Key dates

02Disclosure timeline

August 2, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-26440 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2023-26440

01Description

02Disclosure timeline

03References

04Related CVE