CVE-2023-37196
published 2023-07-12CVE-2023-37196: A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command
('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to
access unauthorized content, change, or delete content, or perform unauthorized actions when
tampering with the alert settings of endpoints on DCE.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | struxureware_data_center_expert | <= 7.9.3 | — |
| schneider_electric | struxureware_data_center_expert | — | — |