Home / Early Warning / Vulnerabilidades / CVE-2021-3604

CVE-2021-3604

Type: 
SQL Injection
Severity: 
High
Publication date: 
06/18/2021
Last modified: 
06/24/2021
Description
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:a:primion-digitek:secure_8:1.0.1.55:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields