CVE-2023-52096

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8	Product
https://github.com/steve-community/ocpp-jaxb/issues/13	Exploit Issue Tracking
https://github.com/steve-community/steve/issues/1292	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-26 23:15

Updated : 2024-01-04 03:38

NVD link : CVE-2023-52096

Mitre link : CVE-2023-52096

CVE.ORG link : CVE-2023-52096

JSON object : View

Products Affected

steve-community

ocpp-jaxb

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-52096", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T23:15:07.947", "references": [{"url": "https://github.com/steve-community/ocpp-jaxb/compare/0.0.7...0.0.8", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/steve-community/ocpp-jaxb/issues/13", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/steve-community/steve/issues/1292", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point Protocol message with a timestamp parameter of 1000000). This may lead to a SQL exception in applications, and may undermine the integrity of transaction records."}, {"lang": "es", "value": "SteVe Community ocpp-jaxb anterior a 0.0.8 genera marcas de tiempo no v\u00e1lidas, como las del mes 00 en determinadas situaciones (como cuando una aplicaci\u00f3n recibe un Open Charge Point Protocol de StartTransaction con un par\u00e1metro de marca de tiempo de 1000000). Esto puede provocar una excepci\u00f3n de SQL en las aplicaciones y puede socavar la integridad de los registros de transacciones."}], "lastModified": "2024-01-04T03:38:49.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:steve-community:ocpp-jaxb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00CEA40C-5001-4C81-A9C8-45DA784BBEEA", "versionEndExcluding": "0.0.8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}