CVE-2023-48645

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 2, 2024

Updated: Feb 13, 2024

CWE ID 89

Summary

CVE-2023-48645 is a newly disclosed vulnerability affecting the Archibus app 4.0.3 for iOS. This issue arises due to a SQL injection vulnerability in the search work request feature within the Maintenance module of the application. When the app is opened or the refresh button is utilized, the local database is synchronized with a central web server instance. Malicious actors can exploit this flaw to carry out unauthorized queries on the local database, potentially gaining access to sensitive information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Eptura

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tcZ3b_
https://www.cve.org/CVERecord?id=CVE-2023-48645
https://nvd.nist.gov/vuln/detail/CVE-2023-48645

Back to Vulnerability Database

CVE-2023-48645

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations