CVE-2023-48384

{"id": "CVE-2023-48384", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T09:15:08.160", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7601-71c94-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database."}, {"lang": "es", "value": "ArmorX Global Technology Corporation ArmorX Spam no tiene validaci\u00f3n suficiente para la entrada del usuario dentro de una funci\u00f3n especial. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para inyectar comandos SQL arbitrarios para acceder, modificar y eliminar la base de datos."}], "lastModified": "2023-12-22T15:14:12.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:armorxgt:spamtrap:8.15.2-2.872.088-1.90.027:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C3135E-A96B-48A5-8BF3-4A352E573AAE"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}