CVE-2024-8395

Summary

FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication.

Affected Software

VendorProductVersion RangeStatus
FlyCASSCockpit Access Security System (CASS)0 < May 7, 2024affected
FlyCASSKnown Crewmember (KCM)0 < May 7, 2024affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References