CVE-2018-16803 Information

Description

In CIMTechniques CIMScan 6.x through 6.2 the SOAP WSDL parser allows attackers to execute SQL code.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://twitter.com/DC3VDP/status/1083359509995753473 https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/ https://www.websec.nl/news.php

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8