CVE-2024-49588

Summary

Multiple endpoints in oracle-sidecar in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections.

Affected Software

VendorProductVersion RangeStatus
Palantircom.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar* < 0.544.0affected
Palantircom.palantir.srx.prometheus.sls-oracle-sidecar:sls-oracle-sidecar0.347.0 < *affected

Weaknesses

  • CWE-89: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References