CVE-2024-23843

Summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS(Revision 125558), from 5.0.0 LTS through 5.0.56 LTS(Revision 125560).

Affected Software

VendorProductVersion RangeStatus
GeniansGenian NAC V5.0V5.0.0 <= V5.0.60affected
GeniansGenian NAC LTS V5.05.0.0 LTS <= 5.0.55 LTS(Revision 125558)affected
GeniansGenian NAC LTS V5.05.0.0 LTS <= 5.0.56 LTS(Revision 125560)affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References