Vendor | |
Product | Openbravo Business Suite |
Affected Version(s) | 3.0 and probably prior |
Tested Version(s) | 3.0 |
Vulnerability Discovery | May 26, 2017 |
Vendor Notification | May 26, 2017 |
Advisory Publication | May 29, 2017 [without technical details] |
Vendor Acknowledgment | June 13, 2017 |
Vendor Fix | N/A |
Public Disclosure | N/A |
Latest Modification | June 6, 2017 |
CVE Identifier(s) | CVE-2017-9437 |
Product Description | The Openbravo Business Suite is a global management solution built on top of a truly modular, mobile-enabled and cloud-ready technology platform that allows organizations to deliver business process improvements faster, be more focused on business differentiation and business process innovation, and do so with lower risks. |
Credits | Mahmoud Reda, Security Researcher & Penetration Tester @wizlynx group |
SQL Injection | |||
Severity: Medium | CVSS Score: 6.3 | CWE-ID: CWE-89 | Status: Not Fixed |
Vulnerability Description | |||
Openbravo is affected by an SQL injection vulnerability in version 3.0. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | |||
CVSS Base Score | |||
Attack Vector | Network | Scope | Unchanged |
Attack Complexity | Low | Confidentiality Impact | Low |
Privileges Required | Low | Integrity Impact | Low |
User Interaction | Required | Availability Impact | Low |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.