var-201708-1124
Vulnerability from variot
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.2"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.2"
},
{
"model": "webaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"model": "webaccess",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess \u003cv8.2 20170817",
"scope": null,
"trust": 0.6,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.2 20170330",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.1 20160519",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.0 20150816",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8"
},
{
"model": "webaccess 8.2 20170817",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12710"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
}
],
"trust": 0.7
},
"cve": "CVE-2017-12710",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12710",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12710",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23886",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "526eff5a-fc92-4271-a592-23146544e85e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12710",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12710",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-12710",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23886",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103260",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "VULHUB",
"id": "VHN-103260"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12710",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-241-02",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-17-712",
"trust": 1.8
},
{
"db": "BID",
"id": "100526",
"trust": 1.4
},
{
"db": "TENABLE",
"id": "TRA-2017-29",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4548",
"trust": 0.7
},
{
"db": "IVD",
"id": "526EFF5A-FC92-4271-A592-23146544E85E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103260",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"id": "VAR-201708-1124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
}
],
"trust": 1.582453675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
}
]
},
"last_update_date": "2023-12-18T12:19:34.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://www.advantech.com/industrial-automation/webaccess"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02"
},
{
"title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2017-23886)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101170"
},
{
"title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74366"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/100526"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-712/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2017-29"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12710"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12710"
},
{
"trust": 0.3,
"url": "http://webaccess.advantech.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"date": "2017-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-103260"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100526"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"date": "2017-08-30T18:29:00.657000",
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"date": "2017-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"date": "2017-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-103260"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100526"
},
{
"date": "2017-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"date": "2017-11-10T02:29:17.247000",
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
],
"trust": 0.8
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.