CVE-2024-49588
6.8
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/MAV:A/MAC:L/MPR:H/MUI:R/MS:U
Summary
Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Palantir | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | * < 0.544.0 | affected |
| Palantir | com.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar | 0.347.0 < * | affected |
Weaknesses
- CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c
- https://cwe.mitre.org/data/definitions/89.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.