VAR-201708-1124
Vulnerability from variot - Updated: 2023-12-18 12:19A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "8.2"
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.9,
"vendor": "advantech",
"version": "8.2"
},
{
"model": "webaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "advantech",
"version": "8.2_20170817"
},
{
"model": "webaccess",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess \u003cv8.2 20170817",
"scope": null,
"trust": 0.6,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.2 20170330",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.1 20160519",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess 8.0 20150816",
"scope": null,
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "8"
},
{
"model": "webaccess 8.2 20170817",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": null
},
{
"model": "webaccess",
"scope": "ne",
"trust": 0.3,
"vendor": "advantech",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12710"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Network Security",
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
}
],
"trust": 0.7
},
"cve": "CVE-2017-12710",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12710",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12710",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23886",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "526eff5a-fc92-4271-a592-23146544e85e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12710",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12710",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2017-12710",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23886",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103260",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "VULHUB",
"id": "VHN-103260"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12710",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-241-02",
"trust": 3.4
},
{
"db": "ZDI",
"id": "ZDI-17-712",
"trust": 1.8
},
{
"db": "BID",
"id": "100526",
"trust": 1.4
},
{
"db": "TENABLE",
"id": "TRA-2017-29",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23886",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4548",
"trust": 0.7
},
{
"db": "IVD",
"id": "526EFF5A-FC92-4271-A592-23146544E85E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103260",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"id": "VAR-201708-1124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
}
],
"trust": 1.582453675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
}
]
},
"last_update_date": "2023-12-18T12:19:34.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advantech WebAccess",
"trust": 0.8,
"url": "http://www.advantech.com/industrial-automation/webaccess"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02"
},
{
"title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2017-23886)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101170"
},
{
"title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74366"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/100526"
},
{
"trust": 1.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-17-712/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/research/tra-2017-29"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12710"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12710"
},
{
"trust": 0.3,
"url": "http://webaccess.advantech.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"db": "VULHUB",
"id": "VHN-103260"
},
{
"db": "BID",
"id": "100526"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"date": "2017-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-103260"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100526"
},
{
"date": "2017-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"date": "2017-08-30T18:29:00.657000",
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "ZDI",
"id": "ZDI-17-712"
},
{
"date": "2017-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23886"
},
{
"date": "2017-11-10T00:00:00",
"db": "VULHUB",
"id": "VHN-103260"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100526"
},
{
"date": "2017-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007575"
},
{
"date": "2017-11-10T02:29:17.247000",
"db": "NVD",
"id": "CVE-2017-12710"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech WebAccess In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007575"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "526eff5a-fc92-4271-a592-23146544e85e"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1277"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…