SQL Injection in Advantech iView

CVE-2023-3983

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

Vulnerability class: SQL Injection

EPSS: 0.151 (96.3rd percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Advantech iView
  • Advantech iView — versions prior to v5.7.4 build 6752

Frequently asked questions

What is CVE-2023-3983?

CVE-2023-3983 is a high-severity vulnerability in Advantech iView, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-07-31.

How severe is CVE-2023-3983?

High severity. CVSS v3 base score is 8.8 out of 10.