Details of VAR-201903-1644

ID

VAR-201903-1644

TITLE

Kodak Video Cloud MCU Device exists SQL Injection hole

Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

DESCRIPTION

Kodak Video Cloud MCU Device search function exists SQL Inject holes. Allows an attacker to compromise the application, access or modify data, or exploit potential vulnerabilities in the underlying database.

Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

AFFECTED PRODUCTS

vendor:	cpe a keda jd	model:	-	scope:	eq	version:	6000	Trust: 0.2
vendor:	cpe a keda jds	model:	-	scope:	eq	version:	6000	Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	c78e2916-3fea-11e9-a5f4-00900b69299a
value:	HIGH
Trust: 0.2

IVD:	c78e2916-3fea-11e9-a5f4-00900b69299a
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.3 [IVD]
Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

TYPE

SQL injection

Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

EXTERNAL IDS

db:

IVD

id:

C78E2916-3FEA-11E9-A5F4-00900B69299A

Trust: 0.2

sources: IVD: c78e2916-3fea-11e9-a5f4-00900b69299a

SOURCES

db:

IVD

id:

c78e2916-3fea-11e9-a5f4-00900b69299a

LAST UPDATE DATE

2022-05-04T09:22:28.302000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE

db:

IVD

id:

c78e2916-3fea-11e9-a5f4-00900b69299a

date:

2019-03-07T00:00:00