CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-37749

MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://download.hexagongeospatial.com/en/downloads/webgis/geomedia-webmap-2020-update-2
https://www.hexagongeospatial.com/products/power-portfolio/geomedia-webmap
https://www.silentgrid.com/blog/cve-2021-37749-hexagon-geomedia-webmap-2020-blind-sql-injection/
https://download.hexagongeospatial.com/en/downloads/webgis/geomedia-webmap-2020-update-2
https://www.hexagongeospatial.com/products/power-portfolio/geomedia-webmap
https://www.silentgrid.com/blog/cve-2021-37749-hexagon-geomedia-webmap-2020-blind-sql-injection/

Products affected by CVE-2021-37749

Hexagongeospatial » Geomedia Webmap » Version: N/A

cpe:2.3:a:hexagongeospatial:geomedia_webmap:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37749

Products

Pricing

Contact Us