Schneider-electric Struxureware Data Center Expert : Security vulnerabilities, CVEs sql injection

CVE-2023-37197

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the mass configuration settings of endpoints on DCE.

Max CVSS

8.8

EPSS Score

0.05%

Published

2023-07-12

Updated

2023-07-19

CVE-2023-37196

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content, change, or delete content, or perform unauthorized actions when tampering with the alert settings of endpoints on DCE.

Max CVSS

8.8

EPSS Score

0.05%

Published

2023-07-12

Updated

2023-07-19

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Schneider-electric » Struxureware Data Center Expert : Security Vulnerabilities, CVEs, (Sql injection) CVSS score >= 4

CVE-2023-37197

CVE-2023-37196