What is CVE-2023-37924?

CVE-2023-37924 is a vulnerability in Apache Software Foundation Submarine, classified under SQL Injection. Published 2023-11-22.

Is CVE-2023-37924 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Apache Software Foundation Submarine

CVE-2023-37924

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. Thi…

Vulnerability class: SQL Injection

EPSS: 0.771 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Submarine — versions 0.7.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

issues.apache.org/jira/browse/SUBMARINE-1361 (issue-tracking)
github.com/apache/submarine/pull/1037 (patch)
lists.apache.org/thread/g99h773vd49n1wyghdq1llv2f83w1b3r (vendor-advisory)

Frequently asked questions

What is CVE-2023-37924?: CVE-2023-37924 is a vulnerability in Apache Software Foundation Submarine, classified under SQL Injection. Published 2023-11-22.
Is CVE-2023-37924 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.