Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Blind SQL vulnerability in 1E platform
Vulnerability Description
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
1E Platform SQL注入漏洞
Vulnerability Description
1E Platform是1E公司的一种终端端点管理和自动化解决方案。 1E Platform v8.1.2之前 、v8.4.1之前、 v9.0.1之前、v23.7.1 (SaaS)之前版本版本存在安全漏洞,该漏洞源于SQL 命令中使用的特殊元素的不正确中和,导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A