SQL Injection in Advantech iView
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Vulnerability class: SQL Injection
EPSS: 0.151 (96.3rd percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Advantech iView: versions prior to v5.7.4 build 6752
Weakness classification (CWE)
References
- vulnreport@tenable.com (Exploit, Third Party Advisory)
Frequently asked questions
- What is CVE-2023-3983?
  CVE-2023-3983 is a high-severity vulnerability in Advantech iView, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-07-31.
- How severe is CVE-2023-3983?
  High severity. CVSS v3 base score is 8.8 out of 10.