CVE-2024-23975

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 21, 2024

Updated: Mar 22, 2024

CWE ID 89

Summary

CVE-2024-23975 denotes a critical SQL injection vulnerability. This issue impacts the function GetDIAE_slogListParameters, which is susceptible to maliciously crafted SQL queries. An attacker can exploit this vulnerability to access, modify, or even delete data from the underlying database without proper authorization. This flaw poses a significant risk for unauthorized data access and manipulation. It is strongly advised to apply the necessary patches to mitigate this vulnerability promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u4osKg
https://www.cve.org/CVERecord?id=CVE-2024-23975
https://nvd.nist.gov/vuln/detail/CVE-2024-23975

Back to Vulnerability Database

CVE-2024-23975

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations