CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-23574

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.5%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2023-23574

Nozominetworks » Cmc » Version: 22.0.0

cpe:2.3:a:nozominetworks:cmc:22.0.0
Nozominetworks » Cmc » Version: 22.5.2

cpe:2.3:a:nozominetworks:cmc:22.5.2
Nozominetworks » Cmc » Version: 22.6.0

cpe:2.3:a:nozominetworks:cmc:22.6.0
Nozominetworks » Guardian » Version: 19.0.4

cpe:2.3:a:nozominetworks:guardian:19.0.4
Nozominetworks » Guardian » Version: 22.0.0

cpe:2.3:a:nozominetworks:guardian:22.0.0
Nozominetworks » Guardian » Version: 22.5.2

cpe:2.3:a:nozominetworks:guardian:22.5.2
Nozominetworks » Guardian » Version: 22.6.0

cpe:2.3:a:nozominetworks:guardian:22.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-23574

Products

Pricing

Contact Us