
1 vulnerability found for OAKSv20 OAKlouds-mol_course_v3 2.0 by HGiga

CVE-2021-22852 (GCVE-0-2021-22852)
Vulnerability from cvelistv5
Published
2021-01-19 10:05
Modified
2024-09-16 16:33
CWE
Summary
The HGiga EIP product contains a SQL injection vulnerability. Attackers can inject SQL commands into a specific URL parameter (online registration) to obtain the database schema and data.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4328-97765-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKSv20 OAKlouds-mol_course_v3 2.0",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "2.0-146",
              "status": "affected",
              "version": "2.0-124",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OAKSv30 OAKlouds-mol_course_v3 3.0",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "3.0-146",
              "status": "affected",
              "version": "3.0-124",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-01-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-19T10:05:36.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4328-97765-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "OAKSv30 OAKlouds-mol_course_v3 3.0 \u003e= 3.0-147\nOAKSv20 OAKlouds-mol_course_v3 2.0 \u003e= 2.0-147"
        }
      ],
      "source": {
        "advisory": "TVN-202101006",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKloud Portal - SQL injection -2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-01-19T08:53:00.000Z",
          "ID": "CVE-2021-22852",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKloud Portal - SQL injection -2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKSv20 OAKlouds-mol_course_v3 2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "2.0-124",
                            "version_value": "2.0-146"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKSv30 OAKlouds-mol_course_v3 3.0",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.0-124",
                            "version_value": "3.0-146"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
            },
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4328-97765-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4328-97765-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "OAKSv30 OAKlouds-mol_course_v3 3.0 \u003e= 3.0-147\nOAKSv20 OAKlouds-mol_course_v3 2.0 \u003e= 2.0-147"
          }
        ],
        "source": {
          "advisory": "TVN-202101006",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-22852",
    "datePublished": "2021-01-19T10:05:36.386Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:33:42.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}