CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.6%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.tenable.com/security/research/tra-2023-24
https://www.tenable.com/security/research/tra-2023-24

Products affected by CVE-2023-3983

Advantech » Iview » Version: 5.6

cpe:2.3:a:advantech:iview:5.6
Advantech » Iview » Version: 5.7

cpe:2.3:a:advantech:iview:5.7
Advantech » Iview » Version: 5.7.02

cpe:2.3:a:advantech:iview:5.7.02
Advantech » Iview » Version: 5.7.03.6112

cpe:2.3:a:advantech:iview:5.7.03.6112
Advantech » Iview » Version: 5.7.03.6182

cpe:2.3:a:advantech:iview:5.7.03.6182
Advantech » Iview » Version: 5.7.04.6469

cpe:2.3:a:advantech:iview:5.7.04.6469
Advantech » Iview » Version: 5.7.04.6583

cpe:2.3:a:advantech:iview:5.7.04.6583

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3983

Products

Pricing

Contact Us