CVE-2022-30619
5.9
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Agile Point | Agile Point NX | 8.0 < 7.0* | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.