IBAX go-ibax /api/v2/open/tablesInfo sql injection

EntryHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. Using CWE to declare the problem leads to CWE-89. The weakness was shared 11/01/2022 as 2060. The advisory is available at github.com. This vulnerability is traded as CVE-2022-3798. It is possible to launch the attack remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. It is declared as proof-of-concept. The exploit is shared for download at github.com. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field	11/01/2022 16:43	11/30/2022 15:01	11/30/2022 15:02
vendor	IBAX	IBAX	IBAX
name	go-ibax	go-ibax	go-ibax
file	/api/v2/open/tablesInfo	/api/v2/open/tablesInfo	/api/v2/open/tablesInfo
cwe	89 (sql injection)	89 (sql injection)	89 (sql injection)
risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
identifier	2060	2060	2060
url	https://github.com/IBAX-io/go-ibax/issues/2060	https://github.com/IBAX-io/go-ibax/issues/2060	https://github.com/IBAX-io/go-ibax/issues/2060
availability	1	1	1
publicity	1	1	1
url	https://github.com/IBAX-io/go-ibax/issues/2060	https://github.com/IBAX-io/go-ibax/issues/2060	https://github.com/IBAX-io/go-ibax/issues/2060
cve	CVE-2022-3798	CVE-2022-3798	CVE-2022-3798
responsible	VulDB	VulDB	VulDB
date	1667257200 (11/01/2022)	1667257200 (11/01/2022)	1667257200 (11/01/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.1
cvss3_meta_tempscore	5.7	5.7	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1667257200 (11/01/2022)	1667257200 (11/01/2022)
cve_nvd_summary		A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability.	A vulnerability classified as critical has been found in IBAX go-ibax. Affected is an unknown function of the file /api/v2/open/tablesInfo. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212634 is the identifier assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss3_nvd_basescore			8.8
cvss3_cna_basescore			6.3

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!