Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-38492: CVE-2022-38492 - Excellium Services

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 before 2022.1.110.1.02. One parameter allows SQL injection.

CVE
Open in Source
#sql#vulnerability#web#auth

Abstract Advisory Information

One of the parameters is vulnerable to SQL injections.

Author: Valentin Giannini & Alexis Pain

Version affected

Name: Easy Vista

Versions: 2020.2.125.3 & 2022.1.109.0.03

Common Vulnerability Scoring System

7.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Patch

2022.1.110.1.02

References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38492

Vulnerability Disclosure Timeline

  • 17/05/2022: Vulnerability discovery
  • 18/05/2022: Vulnerability Report to CERT-XLM
  • 19/05/2022: Vulnerability Report to Vendor through Contact Form
  • 24/05/2022: Vulnerability Report to Vendor through investigation at “[email protected]
  • 24/05/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vulnerability Report to Vendor through investigation at “[email protected]
  • 03/06/2022: Vulnerability Report to Vendor through Contact Form
  • 03/06/2022: Vendor called, redirect us to support team08/07/2022: Vulnerability Report to Vendor through investigation at multiple contact point
  • 25/07/2022: Vulnerability Report sent to Vendor through multiple investigations at security contact point
  • 25/07/2022: Phonecall with Vendor
  • 19/08/2022: Updates asked to vendor through multiple investigations
  • 19/08/2022: Updates received from Vendor, fix is done (now awaiting fix for other CVE)
  • 20/08/2022: Request CVE ID to Mitre
  • 20/08/2022: CVE IDs assigned
  • 26/08/2022: Updates asked to vendor
  • 02/09/2022: Updates asked to vendor and CVE ID sent to vendor
  • 05/09/2022: Meeting with vendor to prepare the publication
  • 30/09/2022: Updates asked to vendor
  • 04/10/2022: Multiple calls attempts to the vendors
  • 31/10/2022: Expected Vulnerability disclosure

Our website uses cookies technologies to assist with navigation and your ability to provide feedback, analyze your use of our products and services, to enable you to use the social media functionalities and assist with our promotional and marketing efforts, and provide content from third parties. You may choose to opt-out from all non-essential cookie or allow them for a better browsing experience. For more information on the use of cookies, Please check our Privacy Notice ACCEPT REJECT

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE