Vulnerability Details CVE-2019-18229
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://www.us-cert.gov/ics/advisories/icsa-19-304-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-937/
- https://www.zerodayinitiative.com/advisories/ZDI-19-938/
- https://www.zerodayinitiative.com/advisories/ZDI-19-940/
- https://www.zerodayinitiative.com/advisories/ZDI-19-948/
- https://www.zerodayinitiative.com/advisories/ZDI-19-949/
- https://www.zerodayinitiative.com/advisories/ZDI-19-951/
- https://www.zerodayinitiative.com/advisories/ZDI-19-952/
- https://www.zerodayinitiative.com/advisories/ZDI-19-955/
- https://www.zerodayinitiative.com/advisories/ZDI-19-956/
- https://www.zerodayinitiative.com/advisories/ZDI-19-957/
- https://www.us-cert.gov/ics/advisories/icsa-19-304-01
- https://www.zerodayinitiative.com/advisories/ZDI-19-937/
- https://www.zerodayinitiative.com/advisories/ZDI-19-938/
- https://www.zerodayinitiative.com/advisories/ZDI-19-940/
- https://www.zerodayinitiative.com/advisories/ZDI-19-948/
- https://www.zerodayinitiative.com/advisories/ZDI-19-949/
- https://www.zerodayinitiative.com/advisories/ZDI-19-951/
- https://www.zerodayinitiative.com/advisories/ZDI-19-952/
- https://www.zerodayinitiative.com/advisories/ZDI-19-955/
- https://www.zerodayinitiative.com/advisories/ZDI-19-956/
- https://www.zerodayinitiative.com/advisories/ZDI-19-957/
Products affected by CVE-2019-18229
-
cpe:2.3:a:advantech:wise-paas/rmm:-
-
cpe:2.3:a:advantech:wise-paas/rmm:3.3.29