Vulnerability Details CVE-2021-28022
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2021-28022
- cpe:2.3:a:servicetonic:servicetonic:6.0
- cpe:2.3:a:servicetonic:servicetonic:6.0.16407
- cpe:2.3:a:servicetonic:servicetonic:6.0.16662
- cpe:2.3:a:servicetonic:servicetonic:6.0.16976
- cpe:2.3:a:servicetonic:servicetonic:6.0.17592
- cpe:2.3:a:servicetonic:servicetonic:6.0.18181
- cpe:2.3:a:servicetonic:servicetonic:6.0.20908
- cpe:2.3:a:servicetonic:servicetonic:6.0.21568
- cpe:2.3:a:servicetonic:servicetonic:6.0.22070
- cpe:2.3:a:servicetonic:servicetonic:7.0.22707
- cpe:2.3:a:servicetonic:servicetonic:7.0.23208
- cpe:2.3:a:servicetonic:servicetonic:7.0.23699
- cpe:2.3:a:servicetonic:servicetonic:8.0.00000
- cpe:2.3:a:servicetonic:servicetonic:8.0.031248
- cpe:2.3:a:servicetonic:servicetonic:8.0.031610
- cpe:2.3:a:servicetonic:servicetonic:8.0.24535
- cpe:2.3:a:servicetonic:servicetonic:8.0.27024
- cpe:2.3:a:servicetonic:servicetonic:8.0.27608
- cpe:2.3:a:servicetonic:servicetonic:8.0.28350
- cpe:2.3:a:servicetonic:servicetonic:8.0.28646
- cpe:2.3:a:servicetonic:servicetonic:8.0.29214
- cpe:2.3:a:servicetonic:servicetonic:8.0.29632
- cpe:2.3:a:servicetonic:servicetonic:8.0.30392
- cpe:2.3:a:servicetonic:servicetonic:8.0.30750
- cpe:2.3:a:servicetonic:servicetonic:8.0.32429
- cpe:2.3:a:servicetonic:servicetonic:8.0.33075
- cpe:2.3:a:servicetonic:servicetonic:8.0.33692
- cpe:2.3:a:servicetonic:servicetonic:9.0.00000
- cpe:2.3:a:servicetonic:servicetonic:9.0.034565