Vulnerability Details CVE-2021-41063
SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-01
- https://www.xylem.com
- https://www.xylem.com/en-us/about-xylem/cybersecurity/advisories/
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-aanderaa-psa-2021-003.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-334-01
- https://www.xylem.com
- https://www.xylem.com/en-us/about-xylem/cybersecurity/advisories/
- https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-aanderaa-psa-2021-003.pdf
Products affected by CVE-2021-41063
-
cpe:2.3:a:xylem:aanderaa_geoview:-