CVE-2023-37197

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
12/07/2023
Last modified:
19/07/2023

Description

<br /> <br /> <br /> A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command<br /> (&amp;#39;SQL Injection&amp;#39;) vulnerability exists that could allow a user already authenticated on DCE to<br /> access unauthorized content, change, or delete content, or perform unauthorized actions when<br /> tampering with the mass configuration settings of endpoints on DCE. <br /> <br /> <br /> <br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:* 7.9.3 (including)