CVE-2024-49588 Vulnerability Details


CVE-2024-49588 Metadata Quick Info

CVE Published: 21/11/2024 | CVE Updated: 27/11/2024 | CVE Year: 2024
Source: Palantir | Vendor: Palantir | Product: com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar
Status: PUBLISHED

CVE-2024-49588 Description

Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

Metrics

CVSS Version: 3.1 | Base Score: 6.8 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U

Exploitability Metrics (from the vector above):
    Attack Vector (AV): Adjacent (A)
    Attack Complexity (AC): Low (L)
    Privileges Required (PR): High (H)
    User Interaction (UI): None (N)
    Scope (S): Unchanged (U)

Impact Metrics (from the vector above):
    Confidentiality Impact (C): High (H)
    Integrity Impact (I): High (H)
    Availability Impact (A): High (H)

Weakness Enumeration (CWE)

CWE-ID: CWE-89
CWE Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Source: Palantir

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-66
CAPEC Name: SQL Injection
CAPEC Description: This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection results from the application's failure to appropriately validate input.


Source: NVD (National Vulnerability Database).