CVE-2020-13505

Summary

Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aAvevaAveva eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053affected

Weaknesses

  • SQL injection

ADP Enrichment

CVE Program Container

Additional References

References